VYPR

Ejs

by Ejs

npm: ejs

Source repositories

CVEs (5)

  • CVE-2017-1000228CriNov 17, 2017
    risk 0.64cvss 9.8epss 0.06

    nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function

  • CVE-2017-1000189HigNov 17, 2017
    risk 0.42cvss 7.5epss 0.02

    nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()

  • CVE-2017-1000188MedNov 17, 2017
    risk 0.33cvss 6.1epss 0.01

    nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

  • CVE-2024-33883MedApr 28, 2024
    risk 0.19cvss 4.0epss 0.01

    The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.

  • CVE-2023-29827May 4, 2023
    risk 0.05cvss epss 0.06

    ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended…