Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:LHandlebarsjs Handlebars
APPHandlebarsjs< 3.0.84.0.0 – 4.5.3 (bez)
Related vulnerabilities
RCE w Handlebars.js przez wstrzyknięcie kodu przez AST (compile)
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8...
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8...
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8...
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8...