Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Handlebars\.js
(Handlebars\.js_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-12-20 | CVE-2019-19919 | Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. | Handlebars\.js, Tenable\.sc | 9.8 | ||
| 2017-01-23 | CVE-2015-8861 | The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | Handlebars\.js | N/A |