Description
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
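To check a project against the version boundary stated above, the following added example (not code from this page or from the handlebars project) scans a parsed package-lock.json for handlebars installs below 4.3.0, including copies nested under other packages. The function names and the sample lockfiles are assumptions constructed for illustration.

```javascript
// Added example: report handlebars installs below 4.3.0 in a parsed package-lock.json.
const FIXED = [4, 3, 0]; // first non-vulnerable release named in the description

// True when a version sorts below 4.3.0; a pre-release of 4.3.0 counts as below.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version || "");
  if (!m) return true; // missing or unparseable version: report for manual review
  const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Covers both layouts: flat "packages" (lockfileVersion 2/3) and nested "dependencies" (v1).
function findVulnerableHandlebars(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (isBelowFixed(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "node_modules/handlebars" || path.endsWith("/node_modules/handlebars")) {
        check(path, meta);
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      if (name === "handlebars") check(path, meta);
      walk(meta.dependencies, path + "/"); // transitive copies nested under a parent
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (package names other than handlebars are made up).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/handlebars": { version: "4.7.8" },
  "node_modules/legacy-mailer/node_modules/handlebars": { version: "4.0.11" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  handlebars: { version: "4.3.0" },
  "legacy-mailer": { version: "1.2.0", dependencies: { handlebars: { version: "4.2.1" } } },
} };

console.log(findVulnerableHandlebars(sampleV3), findVulnerableHandlebars(sampleV1));
```

For a real project, pass the result of parsing its package-lock.json with JSON.parse to findVulnerableHandlebars.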
Remediation
References