The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Handlebars | Handlebarsjs | * | 4.7.7 (excluding) |