GMS-2020-728: Denial of Service in handlebars

September 3, 2020 (updated October 1, 2021)

Affected versions of handlebars are vulnerable to Denial of Service. The package’s parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.

Recommendation

Upgrade to version 4.4.5 or later.

References

github.com/advisories/GHSA-f52g-6jhx-586p
www.npmjs.com/advisories/1300

Code Behaviors & Features

Detect and mitigate GMS-2020-728 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →