CVE-2021-23383

Name of the Vulnerable Software and Affected Versions Handlebars versions prior to 4.7.7

Description The issue is related to errors in code generation management in the Handlebars template creation tool. It can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability is specifically related to Prototype Pollution when certain compiling options are selected to compile templates from an untrusted source.

Recommendations For versions prior to 4.7.7, update to version 4.7.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of untrusted templates and certain compiling options to minimize the risk of exploitation. Avoid using the Handlebars package with untrusted input until the issue is resolved.