VulnerableCode Package Details - pkg:npm/handlebars@4.5.3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-f5rz-dtuy-bbgx	Prototype Pollution in handlebars Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions. ## Recommendation Upgrade to version 3.0.8, 4.5.3 or later.	GHSA-g9r4-xpmj-mj65
VCID-wkcp-xswz-t3d9	Arbitrary Code Execution in handlebars Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). ## Recommendation Upgrade to version 3.0.8, 4.5.3 or later.	GHSA-q2c6-c6pm-g3gh
VCID-x86m-h2at-37am	Arbitrary Code Execution in Handlebars Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).	CVE-2019-20920 GHSA-3cqr-58rm-57f8

Vulnerability

Summary

Aliases

VCID-f5rz-dtuy-bbgx

Prototype Pollution in handlebars Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions. ## Recommendation Upgrade to version 3.0.8, 4.5.3 or later.

GHSA-g9r4-xpmj-mj65

VCID-wkcp-xswz-t3d9

Arbitrary Code Execution in handlebars Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). ## Recommendation Upgrade to version 3.0.8, 4.5.3 or later.

GHSA-q2c6-c6pm-g3gh

VCID-x86m-h2at-37am

Arbitrary Code Execution in Handlebars Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).

CVE-2019-20920
GHSA-3cqr-58rm-57f8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T12:24:13.175584+00:00	GithubOSV Importer	Fixing	VCID-x86m-h2at-37am	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-3cqr-58rm-57f8/GHSA-3cqr-58rm-57f8.json	36.1.3
2025-07-01T12:16:37.839550+00:00	GithubOSV Importer	Fixing	VCID-f5rz-dtuy-bbgx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-g9r4-xpmj-mj65/GHSA-g9r4-xpmj-mj65.json	36.1.3
2025-07-01T12:16:31.167502+00:00	GithubOSV Importer	Fixing	VCID-wkcp-xswz-t3d9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-q2c6-c6pm-g3gh/GHSA-q2c6-c6pm-g3gh.json	36.1.3