Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.