Vulnerabilities > Handlebars JS Project > Handlebars JS > 1.1.1

DATE CVE VULNERABILITY TITLE RISK
2019-12-20 CVE-2019-19919 Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution.
network
low complexity
handlebars-js-project tenable
7.5
2017-01-23 CVE-2015-8861 Cross-site Scripting vulnerability in Handlebars.Js Project Handlebars.Js
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
4.3