Handlebars.js

handlebars.js

Vendor: Handlebars.js Project • 2 CVEs

CVEs (2)

Vendors (2): Handlebars.js Project, Tenable
Products (2): Handlebars.js, Tenable.sc
Updated: Nov 21, 2024
Published: Dec 20, 2019
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Vendors (1): Handlebars.js Project
Products (1): Handlebars.js
Updated: May 13, 2026
Published: Jan 23, 2017
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.