VulnerableCode Package Details - pkg:npm/handlebars@4.4.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-q9rt-jtx1-hybx Aliases: GHSA-q2c6-c6pm-g3gh GMS-2020-730	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.	4.5.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-s9ab-ntdt-vkgd Aliases: GHSA-g9r4-xpmj-mj65 GMS-2020-729	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.	4.5.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-uv5v-22z9-fbfg Aliases: GHSA-2cf5-4w76-r9qv GMS-2020-727	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.	4.5.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xxez-8xav-cfdz Aliases: CVE-2021-23369 GHSA-f2jv-r9rf-7988	Remote code execution in handlebars when compiling templates The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23369.	4.7.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-q9rt-jtx1-hybx
Aliases:
GHSA-q2c6-c6pm-g3gh
GMS-2020-730

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.

4.5.3
Affected by 1 other vulnerability.

VCID-s9ab-ntdt-vkgd
Aliases:
GHSA-g9r4-xpmj-mj65
GMS-2020-729

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.

4.5.3
Affected by 1 other vulnerability.

VCID-uv5v-22z9-fbfg
Aliases:
GHSA-2cf5-4w76-r9qv
GMS-2020-727

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in handlebars.

4.5.2
Affected by 3 other vulnerabilities.

VCID-xxez-8xav-cfdz
Aliases:
CVE-2021-23369
GHSA-f2jv-r9rf-7988

Remote code execution in handlebars when compiling templates The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23369.

4.7.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-25sr-kapq-dbea	Denial of Service in handlebars Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later.	GHSA-f52g-6jhx-586p GMS-2020-728
VCID-cfg5-1ju5-73b1	Uncontrolled Resource Consumption Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.	CVE-2019-20922 GHSA-62gr-4qp9-h98f

Vulnerability

Summary

Aliases

VCID-25sr-kapq-dbea

Denial of Service in handlebars Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later.

GHSA-f52g-6jhx-586p
GMS-2020-728

VCID-cfg5-1ju5-73b1

Uncontrolled Resource Consumption Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

CVE-2019-20922
GHSA-62gr-4qp9-h98f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:19:41.975568+00:00	GHSA Importer	Fixing	VCID-cfg5-1ju5-73b1	https://github.com/advisories/GHSA-62gr-4qp9-h98f	38.6.0
2026-06-05T21:13:54.430841+00:00	GHSA Importer	Fixing	VCID-25sr-kapq-dbea	https://github.com/advisories/GHSA-f52g-6jhx-586p	38.6.0
2026-06-04T20:50:30.712165+00:00	GitLab Importer	Affected by	VCID-xxez-8xav-cfdz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/CVE-2021-23369.yml	38.6.0
2026-06-04T20:38:24.073870+00:00	GitLab Importer	Affected by	VCID-uv5v-22z9-fbfg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2020-727.yml	38.6.0
2026-06-04T20:38:12.418421+00:00	GitLab Importer	Affected by	VCID-q9rt-jtx1-hybx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2020-730.yml	38.6.0
2026-06-04T20:37:53.544498+00:00	GitLab Importer	Affected by	VCID-s9ab-ntdt-vkgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2020-729.yml	38.6.0
2026-06-04T17:51:00.024125+00:00	GithubOSV Importer	Fixing	VCID-cfg5-1ju5-73b1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-62gr-4qp9-h98f/GHSA-62gr-4qp9-h98f.json	38.6.0
2026-06-04T17:22:07.276552+00:00	GithubOSV Importer	Fixing	VCID-25sr-kapq-dbea	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-f52g-6jhx-586p/GHSA-f52g-6jhx-586p.json	38.6.0
2026-06-04T16:20:17.850646+00:00	GitLab Importer	Fixing	VCID-25sr-kapq-dbea	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2020-728.yml	38.6.0
2026-06-02T04:41:31.232722+00:00	GitLab Importer	Fixing	VCID-cfg5-1ju5-73b1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/CVE-2019-20922.yml	38.6.0