Handlebars-Lang Handlebars.Js vulnerabilities

6 known vulnerabilities affecting handlebars-lang/handlebars.js.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 1

Vulnerabilities

CVE-2026-33937 | CRITICAL | CVSS 9.8 | CWE-94 | Affected: >= 4.0.0, < 4.7.9 | Published: 2026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the generated JavaScript without quoting or sanitization. An attacker who ca
Sources: cvelistv5, nvd

CVE-2026-33939 | HIGH | CVSS 7.5 | CWE-754 | Affected: >= 4.0.0, < 4.7.9 | Published: 2026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls `lookupProperty(decorators, "n")`, which returns `undefined`. The runtime then immediately invokes the re
Sources: cvelistv5, nvd

CVE-2026-33940 | HIGH | CVSS 8.1 | CWE-94 | Affected: >= 4.0.0, < 4.7.9 | Published: 2026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The Handlebars runtime then treats the unresolved partial as a source that needs to be
Sources: cvelistv5, nvd

CVE-2026-33941 | HIGH | CVSS 8.2 | CWE-79 | Affected: >= 4.0.0, < 4.7.9 | Published: 2026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An atta
Sources: cvelistv5, nvd

CVE-2026-33938 | HIGH | CVSS 8.1 | CWE-94 | Affected: >= 4.0.0, < 4.7.9 | Published: 2026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites `@partial-block` with a crafted Handlebars AS
Sources: cvelistv5, nvd

CVE-2026-33916 | MEDIUM | CVSS 4.7 | CWE-79 | Affected: >= 4.0.0, < 4.7.9 | Published: 2026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via a plain property lookup on `options.partials` without guarding against prototype-chain traversal. When `Object.prototype` has been polluted with a string value whose ke
Sources: cvelistv5, nvd
Handlebars-Lang Handlebars.Js vulnerabilities | cvebase