handlebars.java FileTemplateLoader Path Traversal
Impact
Any application that passes user-controlled input to Handlebars.compile() using a FileTemplateLoader (or ClassPathTemplateLoader) is vulnerable to arbitrary file read. This is a realistic attack surface for web applications that use template names from URL path parameters, request parameters, or other user-controlled sources.Patches
com.github.jknack:handlebars:4.5.2Workarounds
Validate template name is derived from user input.
if (!file.getPath().startsWith(new File(prefix).getCanonicalPath())) {
throw new IOException("Path traversal attempt detected: " + location);
}