The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Node.js
Information Disclosure
NVD
GitHub
CVSS 3.1
4.0
EPSS
0.6%