Описание
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-ejs | fixed | 3.1.7-1 | package | |
| node-ejs | fixed | 2.5.7-3+deb11u1 | bullseye | package |
| node-ejs | fixed | 2.5.7-1+deb10u1 | buster | package |
| node-ejs | end-of-life | stretch | package |
Примечания
https://eslam.io/posts/ejs-server-side-template-injection-rce/
https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf (v3.1.7)
Связанные уязвимости
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Уязвимость функции outputFunctionName каркаса веб-приложений ejs для Node. js, позволяющая нарушителю выполнить произвольные команды