Skip to main content

Ejs

5 CVEs product

Monthly

CVE-2023-29827 CRITICAL POC Act Now

ejs v3.1.9 is vulnerable to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ejs
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2022-29078 npm CRITICAL POC PATCH THREAT Act Now

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Command Injection Node.js Ejs
NVD GitHub
CVSS 3.1
9.8
EPSS
32.8%
CVE-2017-1000228 npm CRITICAL POC PATCH Act Now

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Ejs
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2017-1000189 npm HIGH PATCH This Week

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ejs
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-1000188 npm MEDIUM PATCH This Month

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ejs
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

ejs v3.1.9 is vulnerable to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ejs
NVD GitHub
EPSS 33% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Command Injection +2
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC PATCH Act Now

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Ejs
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ejs
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ejs
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy