CVE-2021-23383: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The handlebars package before version 4.7.7 is vulnerable to Prototype Pollution when certain compile options are selected to compile templates that come from an untrusted source.
References
- github.com/advisories/GHSA-765h-qjxv-5f44
- github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
- nvd.nist.gov/vuln/detail/CVE-2021-23383
- security.netapp.com/advisory/ntap-20210618-0007/
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030
- snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
- www.npmjs.com/package/handlebars