cbcvebase.
CVE-2022-25967
published 2023-01-30

CVE-2022-25967: Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options…

PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.99%
78.2th percentile
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.

Affected

2 ranges
VendorProductVersion rangeFixed in
eta.jseta< 2.0.02.0.0
eta.jseta>= 0 < 2.0.02.0.0

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerable versions of the 'eta' npm package (before 2.0.0) allow RCE via overwriting template engine configuration variables with user-supplied view options passed through the Express render API
  • Exploitation is only possible when templates are rendered with user-defined/user-controlled data; monitor Express render API calls where user input is passed as view options
  • ·The vulnerability requires user-controlled data to be passed into the Express render API view options; deployments not exposing template rendering to user input are not affected
  • ·The OpenShift Developer Tools package 'odo' which depends on eta is marked 'Will not fix' by Red Hat

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat8.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.