{"source":1115544,"name":"handlebars","dependency":"handlebars","title":"Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection","url":"https://github.com/advisories/GHSA-2qvq-rjwj-gvw9","severity":"moderate","versions":["1.0.2-beta","1.0.4-beta","1.0.5-beta","1.0.6-2","1.0.6","1.0.7","1.0.8","1.0.9","1.0.10","1.0.11","1.0.12","1.1.0","1.1.1","1.1.2","1.2.0","1.2.1","1.3.0","2.0.0-alpha.1","2.0.0-alpha.2","2.0.0-alpha.3","2.0.0-alpha.4","2.0.0-beta.1","2.0.0","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.1.0","4.1.1","4.1.2-0","4.1.2","4.2.0","4.2.1","4.2.2","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.4.0","4.4.1","4.4.2","4.4.3","4.4.4","4.4.5","4.5.0","4.5.1","4.5.2","4.5.3","4.6.0","4.7.0","4.7.1","4.7.2","4.7.3","4.7.4","4.7.5","4.7.6","4.7.7","4.7.8","4.7.9"],"vulnerableVersions":["4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.1.0","4.1.1","4.1.2-0","4.1.2","4.2.0","4.2.1","4.2.2","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.4.0","4.4.1","4.4.2","4.4.3","4.4.4","4.4.5","4.5.0","4.5.1","4.5.2","4.5.3","4.6.0","4.7.0","4.7.1","4.7.2","4.7.3","4.7.4","4.7.5","4.7.6","4.7.7","4.7.8"],"cwe":["CWE-79","CWE-1321"],"cvss":{"score":4.7,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"},"range":">=4.0.0 <4.7.9","id":"APGtE8vU2wtrJ7lKSSZzHm5oGU3VR8gNgQo7OIfwXMGtO6AVOFnkgUxj6kYWtgFR59U5s+hzuGMAVkx81/Az8Q=="}