cvebase

Debian Node-Ejs vulnerabilities

5 known vulnerabilities affecting debian/node-ejs.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2022-29078 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | fixed in node-ejs 3.1.7-1 (bookworm) | 2022
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Scope: local
bookworm: resolved (fixed in 3.1.7-1
debian
CVE-2017-1000228 | P2 | CRITICAL | CVSS 9.8 | fixed in node-ejs 2.5.7-1 (bookworm) | 2017
nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.
Scope: local
bookworm: resolved (fixed in 2.5.7-1)
bullseye: resolved (fixed in 2.5.7-1)
forky: resolved (fixed in 2.5.7-1)
sid: resolved (fixed in 2.5.7-1)
trixie: resolved (fixed in 2.5.7-1)
debian
CVE-2017-1000189 | P3 | HIGH | CVSS 7.5 | fixed in node-ejs 2.5.7-1 (bookworm) | 2017
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
Scope: local
bookworm: resolved (fixed in 2.5.7-1)
bullseye: resolved (fixed in 2.5.7-1)
forky: resolved (fixed in 2.5.7-1)
sid: resolved (fixed in 2.5.7-1)
trixie: resolved (fixed in 2.5.7-1)
debian
CVE-2017-1000188 | P4 | MEDIUM | CVSS 6.1 | fixed in node-ejs 2.5.7-1 (bookworm) | 2017
nodejs ejs version older than 2.5.5 is vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection.
Scope: local
bookworm: resolved (fixed in 2.5.7-1)
bullseye: resolved (fixed in 2.5.7-1)
forky: resolved (fixed in 2.5.7-1)
sid: resolved (fixed in 2.5.7-1)
trixie: resolved (fixed in 2.5.7-1)
debian
CVE-2024-33883 | P4 | MEDIUM | CVSS 4.0 | fixed in node-ejs 3.1.10+~3.1.5-1 (forky) | 2024
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 3.1.10+~3.1.5-1)
sid: resolved (fixed in 3.1.10+~3.1.5-1)
trixie: resolved (fixed in 3.1.10+~3.1.5-1)
debian