CVE-2021-23383

Critical

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates…

snyk·CWE-1321·Published 2021-05-04

CVSS

9.8

EPSS

0.05

KEV

Exploits

cve.orgen

168 chars

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

NVDen

168 chars

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

GHSAen

168 chars

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

NVDes

218 chars

El package handlebars versiones anteriores a 4.7.7, son vulnerables a una Contaminación de Prototipos al seleccionar determinadas opciones de compilación para agrupar plantillas que provienen de una fuente no confiable

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	5.6	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.1	Primary	cve.org	5.6	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	5.6	2.2	3.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L