ReportizFlow
Filtered by vendor Ejs
Subscriptions
Filtered by product Ejs
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000188 | 1 Ejs | 1 Ejs | 2025-04-20 | N/A |
| nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | ||||
| CVE-2017-1000189 | 1 Ejs | 1 Ejs | 2025-04-20 | N/A |
| nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | ||||
| CVE-2017-1000228 | 1 Ejs | 1 Ejs | 2025-04-20 | N/A |
| nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function | ||||
| CVE-2023-29827 | 1 Ejs | 1 Ejs | 2025-01-30 | 9.8 Critical |
| ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input. | ||||
| CVE-2022-29078 | 1 Ejs | 1 Ejs | 2024-11-21 | 9.8 Critical |
| The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | ||||
Page 1 of 1.