EIQ-2019-0009

ID

EIQ-2019-0009

CVE

-

Description

Handlebars.js enables prototype pollution

Date

15 Feb 2019

Severity

3 - HIGH

CVSSv3 score

CVSSv3 score not available on NIST NVD.

Status

✅ 2.3.4

Assessment

The Handlebars.js Node.js module versions 4.0.12 and earlier make it possible for an attacker to modify the __proto__ accessor property.

Modified properties are propagated through inheritance to all objects.

This allows an attacker to add or modify arbitrary properties on the object prototype, and to execute arbitrary code on the targeted server.

Mitigation

Update to Handlebars.js 4.0.13 or later.
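To confirm the mitigation took effect, the following added example (not part of the original advisory or of Handlebars.js) scans a parsed npm lockfile for handlebars entries below 4.0.13, including copies pulled in transitively. The sample lockfile is constructed and the dependent package names are hypothetical; both common lockfile layouts are handled.

```javascript
// Added example: flag handlebars entries below 4.0.13 in an npm lockfile.
const FIXED = [4, 0, 13]; // first fixed release named in this advisory

function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?$/.exec(String(version));
  if (!m) return true; // unparseable version: flag for manual review
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // a pre-release of 4.0.13 sorts before the fixed release
}

function findHandlebars(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/handlebars$/.test(path)) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === 'handlebars') hits.push({ path: path.join(' > '), version: info.version });
      walk(info.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile; the dependent package names are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    handlebars: { version: '4.0.12' },
    'report-tool': { version: '1.2.0', dependencies: { handlebars: { version: '4.0.13' } } },
    'legacy-mailer': { version: '0.9.1', dependencies: { handlebars: { version: '3.0.3' } } },
  },
};

for (const hit of findHandlebars(SAMPLE_LOCK)) {
  console.log(`${hit.affected ? 'AFFECTED' : 'ok      '} handlebars@${hit.version} via ${hit.path}`);
}
```

For a real project, pass the result of JSON.parse on its package-lock.json to findHandlebars instead of the sample object.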

Affected versions

2.3.0 to 2.3.3 inclusive.

Notes

For more information, see: