| Release | Version |
|---|---|
| jessie | 1.3.0-1 |
| stretch | 3:4.0.5-4 |
| Bug | jessie | stretch | Description |
|---|---|---|---|
| CVE-2021-23383 | fixed | vulnerable (no DSA, postponed) | The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ... |
| CVE-2021-23369 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ... |
| CVE-2019-20920 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ... |
| Bug | jessie | stretch | Description |
|---|---|---|---|
| TEMP-0000000-345A3B | vulnerable | vulnerable | handlebars: quoteless attributes in templates can lead to content injection |
| Bug | Description |
|---|---|
| CVE-2019-20922 | Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ... |