Remote Code Execution (RCE) Vulnerability in Handlebars Package (Versions before 4.7.7)

CVE-2021-23369 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

Learn more about our Web Application Penetration Testing UK.