Filtered by vendor Ejs
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29078 | 1 Ejs | 1 Ejs | 2022-11-09 | 7.5 HIGH | 9.8 CRITICAL |
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | |||||
CVE-2017-1000228 | 1 Ejs | 1 Ejs | 2017-11-30 | 10.0 HIGH | 9.8 CRITICAL |
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function | |||||
CVE-2017-1000189 | 1 Ejs | 1 Ejs | 2017-11-30 | 5.0 MEDIUM | 7.5 HIGH |
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | |||||
CVE-2017-1000188 | 1 Ejs | 1 Ejs | 2017-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection |