CVE-2021-23369

Published April 12th, 2021

View on NVD ↗

CVSS v3

5.6

MEDIUM

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

handlebars-lang/handlebars.js

Minimal templating on steroids.

GitHub

18.6K