handlebars is vulnerable to arbitrary code execution. The lookup helper does not properly validate templates, allowing the execution of JavaScript code in templates. This vulnerability exists due to an incomplete fix for https://www.sourceclear.com/vulnerability-database/security/arbitrary-code-execution/javascript/sid-21954/summary.