GHSA-3w5v-p54c-f74x

Source
https://github.com/advisories/GHSA-3w5v-p54c-f74x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/11/GHSA-3w5v-p54c-f74x/GHSA-3w5v-p54c-f74x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3w5v-p54c-f74x
Aliases
Published
2017-11-30T23:15:19Z
Modified
2023-11-08T03:58:44.472757Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ejs is vulnerable to remote code execution due to weak input validation
Details

Node.js ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.

Database specific
{
    "github_reviewed_at": "2020-06-16T20:56:38Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "nvd_published_at": null
}
References

Affected packages

npm / ejs

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.5

Database specific

{
    "last_known_affected_version_range": "< 2.5.3"
}