Nils Knappmeier

4 exploits, active since Sep 2020
CVE-2021-23369 WRITEUP MEDIUM WRITEUP
handlebars < 4.7.7 - Remote Code Execution via Untrusted Template Compilation
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when certain compile options are selected to compile templates coming from an untrusted source.
CVSS 5.6
CVE-2021-23369 WRITEUP MEDIUM WRITEUP
handlebars < 4.7.7 - Remote Code Execution via Untrusted Template Compilation
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when certain compile options are selected to compile templates coming from an untrusted source.
CVSS 5.6
CVE-2021-23383 WRITEUP MEDIUM WRITEUP
handlebars < 4.7.7 - Prototype Pollution via Template Compilation
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when certain compile options are selected to compile templates coming from an untrusted source.
CVSS 5.6
CVE-2019-20922 WRITEUP HIGH WRITEUP
Handlebars 4.0.0-4.4.4 - Regular Expression Denial of Service via Eager Matching
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.
CVSS 7.5