PT-2021-15466 · Unknown · Handlebars

Francois Lajeunesse-Robert

Published

2021-04-12

Updated

2026-03-26

CVE-2021-23369

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions handlebars versions prior to 4.7.7

Description The issue allows for Remote Code Execution (RCE) when certain compiling options are selected to compile templates from an untrusted source.

Recommendations For versions prior to 4.7.7, update to version 4.7.7 or later to resolve the issue.

Exploit

Fix

Code Injection

XSS

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79CWE-1321

Related Identifiers

CVE-2021-23369

GHSA-2QVQ-RJWJ-GVW9

GHSA-F2JV-R9RF-7988

SNYK-JAVA-ORGWEBJARS-1074950

SNYK-JAVA-ORGWEBJARSBOWER-1074951

SNYK-JAVA-ORGWEBJARSNPM-1074952

SNYK-JS-HANDLEBARS-1056767

Affected Products

Handlebars

PT-2021-15466 · Unknown · Handlebars

CVE-2021-23369

Weakness Enumeration

Related Identifiers

Affected Products

References · 24