{
  "schema_version": "1.4.0",
  "id": "GHSA-6r5x-hmgg-7h53",
  "modified": "2019-12-20T02:08:50Z",
  "published": "2019-07-15T19:46:01Z",
  "withdrawn": "2019-07-15T19:46:01Z",
  "aliases": [],
  "summary": "Remote code execution in Handlebars.js",
  "details": "Handlebars.js before 4.1.0 has Remote Code Execution (RCE)",
  "severity": [],
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "handlebars"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/wycats/handlebars.js/issues/1267#issue-187151586"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wycats/handlebars.js/commit/edc6220d51139b32c28e51641fadad59a543ae57"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2019-07-03T20:19:30Z",
    "nvd_published_at": null
  }
}