ADVISORIES

• CVE-2021-23369 (NVD)
• GHSA-f2jv-r9rf-7988

GEM

handlebars-source

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

• >= 4.7.7

DESCRIPTION

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23369.