Security alert: handlebars

manusa / isotope-mail

Isotope Mail Client

https://blog.marcnuri.com/isotope-mail-client-introduction/

Apache License 2.0

237 stars 44 forks source link

Security alert: handlebars #311

Closed manusa closed 5 years ago

manusa commented 5 years ago

WS-2019-0064 More information high severity Vulnerable versions: < 4.0.14 Patched version: 4.0.14 Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter > an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

manusa commented 5 years ago

Dependencies bumped in latest commits