Ejs
Products
1- Ejs5 CVEsnpm
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000228 | Cri | 0.64 | 9.8 | 0.06 | Nov 17, 2017 | nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function | ||
| CVE-2017-1000189 | Hig | 0.42 | 7.5 | 0.02 | Nov 17, 2017 | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | ||
| CVE-2017-1000188 | Med | 0.33 | 6.1 | 0.01 | Nov 17, 2017 | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | ||
| CVE-2024-33883 | Med | 0.19 | 4.0 | 0.01 | Apr 28, 2024 | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | ||
| CVE-2023-29827 | 0.05 | — | 0.06 | May 4, 2023 | ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended… |
- risk 0.64cvss 9.8epss 0.06
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
- risk 0.42cvss 7.5epss 0.02
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
- risk 0.33cvss 6.1epss 0.01
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
- risk 0.19cvss 4.0epss 0.01
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
- CVE-2023-29827May 4, 2023risk 0.05cvss —epss 0.06
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended…