Fix CVE–2021–23383

[debricked-staging]

CVE–2021–23383

Vulnerability details

Description

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

NVD

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

GitHub

Prototype Pollution in handlebars

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

GitLab Advisory Database (Open Source Edition)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

CVSS details - 9.8

 

CVSS3 metrics
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity	High
Availability	High

References

    NVD - CVE-2021-23383
    npm/handlebars/CVE-2021-23383.yml · main · GitLab.org / GitLab Advisory Database Open Source Edition · GitLab
    Prototype Pollution in handlebars · CVE-2021-23383 · GitHub Advisory Database · GitHub
    fix: escape property names in compat mode (#1736) · handlebars-lang/handlebars.js@f058970 · GitHub
    CVE-2021-23383 Node.js Vulnerability in NetApp Products | NetApp Product Security
    handlebars - npm

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE