Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/246594?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/246594?format=api", "purl": "pkg:npm/handlebars@4.1.2-0", "type": "npm", "namespace": "", "name": "handlebars", "version": "4.1.2-0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.7.7", "latest_non_vulnerable_version": "4.7.9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53220?format=api", "vulnerability_id": "VCID-25sr-kapq-dbea", "summary": "Denial of Service in handlebars\nAffected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 4.4.5 or later.", "references": [ { "reference_url": "https://www.npmjs.com/advisories/1300", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1300" }, { "reference_url": "https://github.com/advisories/GHSA-f52g-6jhx-586p", "reference_id": "GHSA-f52g-6jhx-586p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f52g-6jhx-586p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60585?format=api", "purl": "pkg:npm/handlebars@4.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q9rt-jtx1-hybx" }, { "vulnerability": "VCID-s9ab-ntdt-vkgd" }, { "vulnerability": "VCID-uv5v-22z9-fbfg" }, { "vulnerability": "VCID-xxez-8xav-cfdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.4.5" } ], "aliases": [ "GHSA-f52g-6jhx-586p", "GMS-2020-728" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-25sr-kapq-dbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51602?format=api", "vulnerability_id": "VCID-nhz2-v28w-gye1", "summary": "Prototype Pollution in handlebars\nThe bootstrap-wysihtml5-rails gem includes the vendored JavaScript library 'handlebars.js'.\nVersions 0.3.3.7-0.3.3.8 include handlebars 3.0.2, and versions 0.3.3.5-0.3.3.6 include handlebars 1.3.0.\n\nVersions Affected: 0.3.3.5-0.3.3.8\nNot affected: < 0.3.3.5\nFixed Versions: None\n\nVersions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution.\nTemplates may alter an Objects' __proto__ and __defineGetter__ properties, which may allow an attacker to execute\narbitrary code through crafted payloads.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24752", "scoring_system": "epss", "scoring_elements": "0.96248", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919" }, { "reference_url": "https://github.com/advisories/GHSA-w457-6q6x-cgp9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w457-6q6x-cgp9" }, { "reference_url": "https://github.com/handlebars-lang/handlebars.js/commit/156061eb7707575293613d7fdf90e2bdaac029ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/handlebars-lang/handlebars.js/commit/156061eb7707575293613d7fdf90e2bdaac029ee" }, { "reference_url": "https://github.com/handlebars-lang/handlebars.js/commit/90ad8d97ad2933852fb83fcc054699dc99e094db", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/handlebars-lang/handlebars.js/commit/90ad8d97ad2933852fb83fcc054699dc99e094db" }, { "reference_url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/blob/master/vendor/assets/javascripts/bootstrap-wysihtml5/handlebars.runtime.min.js", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/blob/master/vendor/assets/javascripts/bootstrap-wysihtml5/handlebars.runtime.min.js" }, { "reference_url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/tree/master/vendor/assets/javascripts/bootstrap-wysihtml5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Nerian/bootstrap-wysihtml5-rails/tree/master/vendor/assets/javascripts/bootstrap-wysihtml5" }, { "reference_url": "https://github.com/wycats/handlebars.js", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wycats/handlebars.js" }, { "reference_url": "https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc" }, { "reference_url": "https://github.com/wycats/handlebars.js/issues/1558", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wycats/handlebars.js/issues/1558" }, { "reference_url": "https://www.npmjs.com/advisories/1164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/1164" }, { "reference_url": "https://www.tenable.com/security/tns-2021-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/security/tns-2021-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959", "reference_id": "1789959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789959" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919", "reference_id": "CVE-2019-19919", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19919" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-wysihtml5-rails/CVE-2019-19919.yml", "reference_id": "CVE-2019-19919.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-wysihtml5-rails/CVE-2019-19919.yml" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1334", "reference_id": "RHSA-2023:1334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76410?format=api", "purl": "pkg:npm/handlebars@4.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25sr-kapq-dbea" }, { "vulnerability": "VCID-q9rt-jtx1-hybx" }, { "vulnerability": "VCID-s9ab-ntdt-vkgd" }, { "vulnerability": "VCID-uv5v-22z9-fbfg" }, { "vulnerability": "VCID-xxez-8xav-cfdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.3.0" } ], "aliases": [ "CVE-2019-19919", "GHSA-w457-6q6x-cgp9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhz2-v28w-gye1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53518?format=api", "vulnerability_id": "VCID-q9rt-jtx1-hybx", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.", "references": [ { "reference_url": "https://www.npmjs.com/advisories/1324", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1324" }, { "reference_url": "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh", "reference_id": "GHSA-q2c6-c6pm-g3gh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q2c6-c6pm-g3gh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60597?format=api", "purl": "pkg:npm/handlebars@4.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xxez-8xav-cfdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.5.3" } ], "aliases": [ "GHSA-q2c6-c6pm-g3gh", "GMS-2020-730" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9rt-jtx1-hybx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53462?format=api", "vulnerability_id": "VCID-s9ab-ntdt-vkgd", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.", "references": [ { "reference_url": "https://www.npmjs.com/advisories/1325", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1325" }, { "reference_url": "https://github.com/advisories/GHSA-g9r4-xpmj-mj65", "reference_id": "GHSA-g9r4-xpmj-mj65", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g9r4-xpmj-mj65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60597?format=api", "purl": "pkg:npm/handlebars@4.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xxez-8xav-cfdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.5.3" } ], "aliases": [ "GHSA-g9r4-xpmj-mj65", "GMS-2020-729" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ab-ntdt-vkgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53543?format=api", "vulnerability_id": "VCID-uv5v-22z9-fbfg", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.", "references": [ { "reference_url": "https://www.npmjs.com/advisories/1316", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1316" }, { "reference_url": "https://github.com/advisories/GHSA-2cf5-4w76-r9qv", "reference_id": "GHSA-2cf5-4w76-r9qv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2cf5-4w76-r9qv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78597?format=api", "purl": "pkg:npm/handlebars@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q9rt-jtx1-hybx" }, { "vulnerability": "VCID-s9ab-ntdt-vkgd" }, { "vulnerability": "VCID-xxez-8xav-cfdz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.5.2" } ], "aliases": [ "GHSA-2cf5-4w76-r9qv", "GMS-2020-727" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5v-22z9-fbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51487?format=api", "vulnerability_id": "VCID-xxez-8xav-cfdz", "summary": "Remote code execution in handlebars when compiling templates\nThe package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when\nselecting certain compiling options to compile templates coming from an untrusted source.\nThis vulnerability has been assigned the CVE identifier CVE-2021-23369.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23369.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23369.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23369", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03582", "scoring_system": "epss", "scoring_elements": "0.87954", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23369" }, { "reference_url": "https://github.com/advisories/GHSA-f2jv-r9rf-7988", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2jv-r9rf-7988" }, { "reference_url": "https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8" }, { "reference_url": "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427" }, { "reference_url": "https://github.com/wycats/handlebars.js", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wycats/handlebars.js" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210604-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210604-0008" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210604-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210604-0008/" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952" }, { "reference_url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761", "reference_id": "1948761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369", "reference_id": "CVE-2021-23369", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2500", "reference_id": "RHSA-2021:2500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4032", "reference_id": "RHSA-2021:4032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4628", "reference_id": "RHSA-2021:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1334", "reference_id": "RHSA-2023:1334", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60541?format=api", "purl": "pkg:npm/handlebars@4.7.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.7.7" } ], "aliases": [ "CVE-2021-23369", "GHSA-f2jv-r9rf-7988" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxez-8xav-cfdz" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/handlebars@4.1.2-0" }