NodeJS/handlebars/4.7.0
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
https://www.npmjs.com/package/handlebars
MIT
2 Security Vulnerabilities
Prototype Pollution in handlebars
Published date: 2022-02-10T23:51:42Z
CVE: CVE-2021-23383
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23383
- https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
- https://www.npmjs.com/package/handlebars
- https://security.netapp.com/advisory/ntap-20210618-0007/
- https://github.com/advisories/GHSA-765h-qjxv-5f44
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/handlebars-source/CVE-2021-23383.yml
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
Affected versions:
["1.0.10", "1.0.12", "1.3.0", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0", "3.0.1", "3.0.3", "4.0.3", "4.0.4", "4.0.5", "4.0.9", "4.0.10", "1.0.5-beta", "4.0.12", "3.0.4", "3.0.6", "4.1.0", "4.0.13", "4.1.1", "3.0.7", "4.2.0", "4.3.0", "4.3.4", "4.4.0", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.5.0", "4.5.1", "4.5.2", "4.5.3", "4.6.0", "4.7.0", "4.7.2", "4.7.5", "4.7.6", "1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.11", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-beta.1", "3.0.0", "3.0.2", "4.0.0", "4.0.1", "4.0.2", "4.0.6", "4.0.7", "4.0.8", "4.0.11", "1.0.2-beta", "1.0.4-beta", "3.0.5", "4.1.2", "4.0.14", "4.1.2-0", "4.2.1", "4.3.1", "4.3.2", "4.3.3", "4.4.1", "4.4.5", "4.7.1", "4.7.3", "3.0.8", "4.7.4"]
Secure versions:
[4.7.7, 4.7.8]
Recommendation:
Update to version 4.7.8.
Remote code execution in handlebars when compiling templates
Published date: 2021-05-06T15:57:44Z
CVE: CVE-2021-23369
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23369
- https://github.com/advisories/GHSA-f2jv-r9rf-7988
- https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
- https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
- https://security.netapp.com/advisory/ntap-20210604-0008/
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Affected versions:
["1.0.10", "1.0.12", "1.3.0", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0", "3.0.1", "3.0.3", "4.0.3", "4.0.4", "4.0.5", "4.0.9", "4.0.10", "1.0.5-beta", "4.0.12", "3.0.4", "3.0.6", "4.1.0", "4.0.13", "4.1.1", "3.0.7", "4.2.0", "4.3.0", "4.3.4", "4.4.0", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.5.0", "4.5.1", "4.5.2", "4.5.3", "4.6.0", "4.7.0", "4.7.2", "4.7.5", "4.7.6", "1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.11", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-beta.1", "3.0.0", "3.0.2", "4.0.0", "4.0.1", "4.0.2", "4.0.6", "4.0.7", "4.0.8", "4.0.11", "1.0.2-beta", "1.0.4-beta", "3.0.5", "4.1.2", "4.0.14", "4.1.2-0", "4.2.1", "4.3.1", "4.3.2", "4.3.3", "4.4.1", "4.4.5", "4.7.1", "4.7.3", "3.0.8", "4.7.4"]
Secure versions:
[4.7.7, 4.7.8]
Recommendation:
Update to version 4.7.8.
80 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 4.7.8 | MIT | 2023-08-01 - 21:19 | almost 2 years | |
| 4.7.7 | MIT | 2021-02-15 - 09:39 | over 4 years | |
| 4.7.6 | MIT | 2 | 2020-04-03 - 17:59 | about 5 years |
| 4.7.5 | MIT | 2 | 2020-04-02 - 19:10 | about 5 years |
| 4.7.4 | MIT | 2 | 2020-04-01 - 17:21 | over 5 years |
| 4.7.3 | MIT | 2 | 2020-02-05 - 05:11 | over 5 years |
| 4.7.2 | MIT | 2 | 2020-01-13 - 20:53 | over 5 years |
| 4.7.1 | MIT | 2 | 2020-01-12 - 12:21 | over 5 years |
| 4.7.0 | MIT | 2 | 2020-01-10 - 16:24 | over 5 years |
| 4.6.0 | MIT | 2 | 2020-01-08 - 22:45 | over 5 years |
| 4.5.3 | MIT | 3 | 2019-11-18 - 07:11 | over 5 years |
| 4.5.2 | MIT | 6 | 2019-11-13 - 21:08 | over 5 years |
| 4.5.1 | MIT | 7 | 2019-10-29 - 04:42 | over 5 years |
| 4.5.0 | MIT | 7 | 2019-10-28 - 18:48 | over 5 years |
| 4.4.5 | MIT | 7 | 2019-10-20 - 21:08 | over 5 years |
| 4.4.4 | MIT | 9 | 2019-10-20 - 19:35 | over 5 years |
| 4.4.3 | MIT | 9 | 2019-10-08 - 20:06 | over 5 years |
| 4.4.2 | MIT | 9 | 2019-10-02 - 20:47 | over 5 years |
| 4.4.1 | MIT | 9 | 2019-10-02 - 19:53 | over 5 years |
| 4.4.0 | MIT | 9 | 2019-09-29 - 13:30 | almost 6 years |
| 4.3.5 | MIT | 9 | 2019-10-02 - 20:06 | over 5 years |
| 4.3.4 | MIT | 9 | 2019-09-28 - 11:37 | almost 6 years |
| 4.3.3 | MIT | 9 | 2019-09-27 - 05:47 | almost 6 years |
| 4.3.2 | MIT | 9 | 2019-09-26 - 21:59 | almost 6 years |
| 4.3.1 | MIT | 9 | 2019-09-24 - 22:35 | almost 6 years |
| 4.3.0 | MIT | 9 | 2019-09-24 - 06:11 | almost 6 years |
| 4.2.2 | MIT | 10 | 2019-10-02 - 20:13 | over 5 years |
| 4.2.1 | MIT | 10 | 2019-09-20 - 17:41 | almost 6 years |
| 4.2.0 | MIT | 10 | 2019-09-03 - 19:58 | almost 6 years |
| 4.1.2 | MIT | 10 | 2019-04-13 - 14:20 | about 6 years |
| 4.1.2-0 | MIT | 11 | 2019-08-25 - 16:07 | almost 6 years |
| 4.1.1 | MIT | 11 | 2019-03-16 - 21:29 | over 6 years |
| 4.1.0 | MIT | 11 | 2019-02-07 - 09:48 | over 6 years |
| 4.0.14 | MIT | 11 | 2019-04-13 - 14:39 | about 6 years |
| 4.0.13 | MIT | 12 | 2019-02-07 - 10:28 | over 6 years |
| 4.0.12 | MIT | 12 | 2018-09-04 - 18:46 | almost 7 years |
| 4.0.11 | MIT | 12 | 2017-10-17 - 20:53 | over 7 years |
| 4.0.10 | MIT | 12 | 2017-05-21 - 12:11 | about 8 years |
| 4.0.9 | MIT | 12 | 2017-05-21 - 11:40 | about 8 years |
| 4.0.8 | MIT | 12 | 2017-05-02 - 20:56 | about 8 years |
| 4.0.7 | MIT | 12 | 2017-04-29 - 20:54 | about 8 years |
| 4.0.6 | MIT | 12 | 2016-11-13 - 01:27 | over 8 years |
| 4.0.5 | MIT | 12 | 2015-11-20 - 05:07 | over 9 years |
| 4.0.4 | MIT | 12 | 2015-10-29 - 06:57 | over 9 years |
| 4.0.3 | MIT | 12 | 2015-09-24 - 03:41 | almost 10 years |
| 4.0.2 | MIT | 12 | 2015-09-04 - 14:13 | almost 10 years |
| 4.0.1 | MIT | 12 | 2015-09-03 - 02:21 | almost 10 years |
| 4.0.0 | MIT | 12 | 2015-09-01 - 13:19 | almost 10 years |
| 3.0.8 | MIT | 7 | 2020-02-23 - 10:02 | over 5 years |
| 3.0.7 | MIT | 12 | 2019-06-30 - 08:54 | about 6 years |