forseti-security/forseti-visualizer

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution

dekuhn opened this issue · 1 comment

Remediation
Upgrade handlebars to version 4.1.2 or later. For example:

"dependencies": {
  "handlebars": ">=4.1.2"
}

or…

"devDependencies": {
  "handlebars": ">=4.1.2"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
WS-2019-0064 More information
high severity
Vulnerable versions: >= 4.1.0, < 4.1.2
Patched version: 4.1.2
Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.
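
An added worked check, not part of this issue or of the forseti-visualizer project: a dependency-free Node.js script that audits a package-lock.json for every installed copy of handlebars and flags those that fall in the affected ranges stated above. It treats both statements on this page as affected ranges (the title's "prior to 4.0.14" and the details' ">= 4.1.0, < 4.1.2"); reading them as the 4.0.x and 4.1.x lines of the same issue is an assumption. The lockfile it runs against is constructed for the example, and the function names are the example's own.

```javascript
// Added example (not from the forseti-visualizer project): audit a
// package-lock.json for handlebars versions in the ranges this advisory
// lists. Runs offline on a constructed lockfile; no dependencies needed.

// Parse "MAJOR.MINOR.PATCH" (a leading "v", "=", "^" or "~" is tolerated)
// into three integers. Returns null for anything it cannot parse exactly,
// so that odd specifiers such as "latest" are surfaced rather than skipped.
function parseVersion(s) {
  const m = /^[v=^~]?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(s).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric comparison of two parsed versions: -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Affected ranges as stated on this page: the title says "prior to 4.0.14",
// the details say ">= 4.1.0, < 4.1.2". Both are treated as vulnerable
// (assumption: the two statements describe the 4.0.x and 4.1.x lines).
const AFFECTED_RANGES = [
  { lo: null, hi: [4, 0, 14] },      // < 4.0.14
  { lo: [4, 1, 0], hi: [4, 1, 2] },  // >= 4.1.0, < 4.1.2
];

// true = in an affected range, false = not, null = could not parse version.
function isVulnerableHandlebars(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return AFFECTED_RANGES.some(r =>
    (r.lo === null || compareVersions(v, r.lo) >= 0) &&
    compareVersions(v, r.hi) < 0);
}

// Walk a package-lock.json object and report every installed copy of `name`,
// including transitive copies nested under other packages. Handles
// lockfileVersion 1 ("dependencies" nested per package) and lockfileVersion
// 2/3 ("packages" keyed by node_modules path).
function findInstalled(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [p, info] of Object.entries(lock.packages)) {
      if (p === `node_modules/${name}` || p.endsWith(`/node_modules/${name}`)) {
        found.push({ path: p, version: info.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const p = `${prefix}node_modules/${dep}`;
      if (dep === name) found.push({ path: p, version: info.version });
      walk(info.dependencies, `${p}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Audit: one record per installed copy of handlebars with a verdict attached.
function auditHandlebars(lock) {
  return findInstalled(lock, 'handlebars').map(e => ({
    ...e, vulnerable: isVulnerableHandlebars(e.version),
  }));
}

// Constructed lockfile (not a real project): a top-level handlebars inside
// the 4.1.x affected window, an older copy nested under another package,
// and a nested copy already on the patched version.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    handlebars: { version: '4.1.1' },
    'some-reporter': {
      version: '1.0.0',
      dependencies: { handlebars: { version: '4.0.12' } },
    },
    'other-tool': {
      version: '2.0.0',
      dependencies: { handlebars: { version: '4.1.2' } },
    },
  },
};

for (const r of auditHandlebars(SAMPLE_LOCK)) {
  console.log(`${r.path}@${r.version}: ${r.vulnerable ? 'VULNERABLE' : 'ok'}`);
}
```

To run it against a real project, load the lockfile with JSON.parse and pass the object to auditHandlebars. Checking the lockfile rather than package.json is the point of the example: a range such as ">=4.1.2" in package.json says nothing about which version is actually installed, and a transitive copy nested under another package can stay on an affected version after the top-level dependency has been bumped.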

Applied security fix #6