Package impact
npm / ejs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000228 | critical | 9.8 | 9.8 | 9y ago | nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function | |||
| CVE-2017-1000189 | high | 7.5 | 7.5 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | |||
| CVE-2017-1000188 | medium | 6.1 | 6.1 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection | |||
| CVE-2024-33883 | unknown | — | — | 2y ago | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | |||
| CVE-2022-29078 | unknown | — | — | 4y ago | The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and ov… |