CVE-2021-23383

Published May 4th, 2021

View on NVD ↗

CVSS v3

5.6

MEDIUM

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

handlebars-lang/handlebars.js

Minimal templating on steroids.

GitHub

18.6K