CVE-2017-1000188

Опубликовано: 17 нояб. 2017

Источник: debian

Описание

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

Пакет	Статус	Версия исправления	Релиз	Тип
node-ejs	fixed	2.5.7-1		package
node-ejs	end-of-life		stretch	package

https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f (v2.5.4)

CVE-2017-1000188

CVSS3: 6.1

ubuntu

около 8 лет назад

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

CVE-2017-1000188

CVSS3: 6.1

redhat

около 9 лет назад

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

CVE-2017-1000188

CVSS3: 6.1

nvd

около 8 лет назад

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection

GHSA-hwcf-pp87-7x6p

CVSS3: 6.1

github

около 8 лет назад

mde ejs vulnerable to XSS