Handlebarsjs Handlebars 1.0.0 for Node.js

CPE Details

Handlebarsjs Handlebars 1.0.0 for Node.js
handlebarsjs
handlebars
1.0.0
2020-10-02
15h12 +00:00
2020-10-02
15h12 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:handlebarsjs:handlebars:1.0.0:-:*:*:*:node.js:*:*

Informations

Vendor

handlebarsjs

Product

handlebars

Version

1.0.0

Update

-

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-23383 2021-05-04 08h35 +00:00 The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
9.8
Critical
CVE-2021-23369 2021-04-12 13h10 +00:00 The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
9.8
Critical
CVE-2019-20920 2020-09-30 10h30 +00:00 Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
8.1
High