{"id":"CVE-2021-23383","details":"The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when certain compile options are selected to compile templates coming from an untrusted source.","aliases":["GHSA-765h-qjxv-5f44"],"modified":"2026-04-10T04:30:23.446271Z","published":"2021-05-04T09:15:07.753Z","related":["CGA-m8vx-9g69-7q85","SNYK-JAVA-ORGWEBJARS-1279031","SNYK-JAVA-ORGWEBJARSBOWER-1279032","SNYK-JAVA-ORGWEBJARSNPM-1279030","SNYK-JS-HANDLEBARS-1279029"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210618-0007/"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029"},{"type":"FIX","url":"https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031"},{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/handlebars-lang/handlebars.js","events":[{"introduced":"0"},{"fixed":"a9a8e403213583ca90cb7c872d3a22796c37d961"},{"fixed":"f0589701698268578199be25285b2ebea1c1e427"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.7.7"}]}}],"versions":["0.9.0.pre.4","1.0.0","1.0.0-rc.3","1.0.0-rc.4","1.0.0.beta.1","1.0.rc.2","v1.0.10","v1.0.11","v1.0.12","v1.0.6","v1.0.6-2","v1.0.6beta","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.1.2","v1.2.0","v1.2.1","v1.3.0","v2.0.0","v2.0.0-alpha.1","v2.0.0-alpha.2","v2.0.0-alpha.3","v2.0.0-alpha.4","v2.0.0-beta.1","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v4.0.0","v4.0.1","v4.0.10","v4.0.11","v4.0.12","v4.0.2","v4.0.3","v4.0.4","v4.0.5","v4.0.6","v4.0.7","v4.0.8","v4.0.9","v4.1.1","v4.1.2","v4.1.2-0","v4.2.0","v4.2.1","v4.3.0","v4.3.1","v4.3.2","v4.3.3","v4.3.4","v4.4.0","v4.4.1","v4.4.2","v4.4.3","v4.5.0","v4.5.1","v4.5.2","v4.5.3","v4.6.0","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.7.4","v4.7.5"
,"v4.7.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23383.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}