Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.webjars/handlebars@1.2.1
purl pkg:maven/org.webjars/handlebars@1.2.1
Next non-vulnerable version 4.7.7
Latest non-vulnerable version 4.7.7
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-xxez-8xav-cfdz
Aliases:
CVE-2021-23369
GHSA-f2jv-r9rf-7988
Remote code execution in handlebars when compiling templates The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23369.
4.7.7
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:50:30.922578+00:00 GitLab Importer Affected by VCID-xxez-8xav-cfdz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.webjars/handlebars/CVE-2021-23369.yml 38.6.0
2026-06-04T18:27:53.772309+00:00 GHSA Importer Affected by VCID-xxez-8xav-cfdz https://github.com/advisories/GHSA-f2jv-r9rf-7988 38.6.0