VYPR
High severity8.1NVD Advisory· Published Sep 30, 2020· Updated Jun 17, 2026

CVE-2019-20920

CVE-2019-20920

Description

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
handlebarsnpm
< 3.0.83.0.8
handlebarsnpm
>= 4.0.0, < 4.5.34.5.3

Affected products

114

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.