Handlebars.js Project Security Vulnerabilities

CVE-2019-19919

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted...

CVE-2015-8861

The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not...