VYPR
Unrated severityNVD Advisory· Published May 4, 2023· Updated Jan 29, 2025

CVE-2023-29827

CVE-2023-29827

Description

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Ejs/Ejscpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =3.1.9

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.