Handlebars – Prototype Pollution Vulnerability On Versions Greater Than Or Equal To 3.0.0 And Less Than 3.0.7


Impact area

Security

Severity

High

Affected element

ServiceNow: UI Script

Salesforce: Static Resource

Rule number

SN-JSL-HANDLEBARS-BETWEEN-V2990-V307 (for ServiceNow)

SF-JSL-HANDLEBARS-BETWEEN-V2990-V307 (for Salesforce)

Impact

This vulnerability is due to an incomplete fix for an earlier prototype pollution issue in the library. Prototype pollution is the ability to inject properties into the prototypes of built-in JavaScript constructs such as Object.prototype, so that every object inheriting from that prototype suddenly exposes the attacker-controlled property. Depending on how the application reads those properties, the result is either denial of service (code that assumed a property was absent, or of a different type, now throws exceptions) or tampering with application logic: the attacker forces the code path that their injected values select, thereby leading to remote code execution.
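The mechanism above, as an added example that is not code from the advisory or from Handlebars itself: a generic recursive merge of attacker-controlled JSON, first in its vulnerable form and then hardened. All names (unsafeMerge, safeMerge, isAdmin, runWithErrorHook, demo) are illustrative, and the payload is constructed.

```javascript
// Added example, not code from the advisory or from Handlebars: the prototype
// pollution mechanism shown on a generic recursive merge. Names are illustrative.

// Vulnerable: copies every key of `src` into `dst`, including "__proto__".
// Reading dst["__proto__"] on a plain object returns Object.prototype, so the
// recursive call writes the attacker's keys onto the prototype of every object.
function unsafeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (val !== null && typeof val === 'object') {
      if (dst[key] === null || typeof dst[key] !== 'object') dst[key] = {};
      unsafeMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Hardened: refuses the keys that can reach a prototype, and only recurses into
// properties that `dst` owns itself (never into an inherited object).
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    const val = src[key];
    if (val !== null && typeof val === 'object') {
      const ownObject =
        Object.prototype.hasOwnProperty.call(dst, key) &&
        dst[key] !== null && typeof dst[key] === 'object';
      if (!ownObject) dst[key] = {};
      safeMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Constructed attacker input, as it would arrive in a JSON request body.
// JSON.parse creates an *own* property literally named "__proto__".
const PAYLOAD = JSON.parse(
  '{"__proto__": {"isAdmin": true, "onError": "not-a-function"}}'
);

// Two pieces of application logic that never see the merged object, yet change
// behaviour once Object.prototype carries the attacker's keys.
function isAdmin(user) {
  return user.isAdmin === true; // forced code path: an empty object now passes
}

function runWithErrorHook(opts, fn) {
  const hook = opts.onError || (() => 'default handler');
  try {
    return fn();
  } catch (e) {
    return hook(e); // TypeError once `onError` is inherited as a string
  }
}

// Runs one merge implementation against PAYLOAD and reports what an unrelated
// object and an unrelated code path observe afterwards. The prototype is
// cleaned up in `finally` so the process stays usable and both variants can
// be compared in turn.
function demo(merge) {
  try {
    merge({}, PAYLOAD);
    const bystander = {}; // never touched by the merge
    let hookOutcome;
    try {
      hookOutcome = runWithErrorHook({}, () => { throw new Error('boom'); });
    } catch (e) {
      hookOutcome = 'crashed: ' + e.constructor.name;
    }
    return {
      bystanderIsAdmin: isAdmin(bystander),
      hookOutcome,
      prototypePolluted: Object.prototype.hasOwnProperty.call(Object.prototype, 'isAdmin'),
    };
  } finally {
    delete Object.prototype.isAdmin;
    delete Object.prototype.onError;
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafeMerge:', demo(unsafeMerge));
  console.log('safeMerge:  ', demo(safeMerge));
}
```

With `unsafeMerge` the bystander object reports `isAdmin === true` and the error hook path crashes with a TypeError, which are the two outcomes the paragraph describes; with `safeMerge` neither happens and `Object.prototype` is left untouched.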

Remediation

Update the Handlebars JS library to version 3.0.7, 4.1.2, 4.0.14 or higher.
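A way to check a bundled copy against this rule's range and the fixed versions named in the remediation, as an added example (not code from the advisory, ServiceNow or Salesforce). It assumes the UI Script or Static Resource still contains the `Handlebars.VERSION = "x.y.z"` assignment that the Handlebars runtime sets; the sample bundle is constructed, and the helper names are illustrative.

```javascript
// Added example, not from the advisory: classify a Handlebars version found in
// a UI Script or Static Resource against this rule (>= 3.0.0 and < 3.0.7) and
// the remediation (3.0.7, 4.0.14 or 4.1.2 "or higher", read per release line).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error('unparseable version: ' + v);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric major.minor.patch comparison; plain string comparison would sort
// 3.0.10 before 3.0.7 and misclassify it.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}
const gte = (a, b) => compareVersions(a, b) >= 0;
const lt = (a, b) => compareVersions(a, b) < 0;

// The range this rule flags.
function inRuleRange(version) {
  return gte(version, '3.0.0') && lt(version, '3.0.7');
}

// Fixed versions from the remediation, one entry per release line. Anything
// below a line's minimum (4.0.0 to 4.0.13, 4.1.0 to 4.1.1) is not fixed.
const FIXED_LINES = [
  { min: '3.0.7', below: '4.0.0' },
  { min: '4.0.14', below: '4.1.0' },
  { min: '4.1.2', below: null }, // "4.1.2 or higher": no upper bound
];

function isRemediated(version) {
  return FIXED_LINES.some(
    (line) => gte(version, line.min) && (line.below === null || lt(version, line.below))
  );
}

// Pull the version out of a bundled handlebars.js body. Assumption: the
// `VERSION = "x.y.z"` assignment survives bundling/minification; adjust the
// pattern if your copy differs.
function extractVersion(source) {
  const m = /VERSION\s*=\s*["'](\d+\.\d+\.\d+)["']/.exec(source);
  return m ? m[1] : null;
}

function classifyBundle(source) {
  const version = extractVersion(source);
  if (version === null) {
    return { version: null, inRuleRange: false, remediated: false };
  }
  return {
    version,
    inRuleRange: inRuleRange(version),
    remediated: isRemediated(version),
  };
}

// Constructed sample standing in for a Static Resource / UI Script body.
const SAMPLE_BUNDLE =
  '/* constructed sample, not a real bundle */\n' +
  'var Handlebars = {};\n' +
  'Handlebars.VERSION = "3.0.3";\n';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(classifyBundle(SAMPLE_BUNDLE));
}
```

Versions below 3.0.0 fall outside this rule and are reported as neither flagged nor remediated; a copy that yields no version string should be treated as unknown and inspected by hand rather than assumed fixed.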

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Note that the weakness itself is described more precisely by CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

Updated on March 21, 2025