Описание
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | disputed |
| esm-apps/bionic | not-affected | disputed |
| esm-apps/focal | not-affected | disputed |
| esm-apps/jammy | not-affected | disputed |
| esm-apps/noble | not-affected | disputed |
| focal | not-affected | disputed |
| jammy | not-affected | disputed |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
Показывать по
9.8 Critical
CVSS3
Связанные уязвимости
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs ...
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.
9.8 Critical
CVSS3