The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when certain compiling options are selected to compile templates coming from an untrusted source.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Handlebars | Handlebarsjs | * | 4.7.7 (excluding) |
Libjs-handlebars | Ubuntu | trusty | * |
Node-handlebars | Ubuntu | bionic | * |
Node-handlebars | Ubuntu | esm-apps/bionic | * |
Node-handlebars | Ubuntu | esm-apps/focal | * |
Node-handlebars | Ubuntu | esm-apps/jammy | * |
Node-handlebars | Ubuntu | focal | * |
Node-handlebars | Ubuntu | groovy | * |
Node-handlebars | Ubuntu | hirsute | * |
Node-handlebars | Ubuntu | impish | * |
Node-handlebars | Ubuntu | jammy | * |
Node-handlebars | Ubuntu | kinetic | * |
Node-handlebars | Ubuntu | trusty | * |
Node-handlebars | Ubuntu | upstream | * |
OpenShift Logging 5.1 | RedHat | openshift-logging/kibana6-rhel8:v6.8.1-48 | * |
OpenShift Logging 5.2 | RedHat | openshift-logging/kibana6-rhel8:v6.8.1-47 | * |
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | RedHat | rhacm2/application-ui-rhel8:v2.3.0-120 | * |
Red Hat OpenShift Container Platform 4.6 | RedHat | openshift4/ose-logging-kibana6:v4.6.0-202106181629.p0.git.40f3e72 | * |
RHPAM 7.13.1 async | RedHat | handlebars | * |