Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ejs Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29078 1 Ejs 1 Ejs 2022-11-09 7.5 HIGH 9.8 CRITICAL
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
CVE-2017-1000228 1 Ejs 1 Ejs 2017-11-30 10.0 HIGH 9.8 CRITICAL
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
CVE-2017-1000189 1 Ejs 1 Ejs 2017-11-30 5.0 MEDIUM 7.5 HIGH
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
CVE-2017-1000188 1 Ejs 1 Ejs 2017-11-30 4.3 MEDIUM 6.1 MEDIUM
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection