Lucene search

K
cvelistMitreCVELIST:CVE-2022-29078
HistoryApr 25, 2022 - 2:13 p.m.

CVE-2022-29078

2022-04-2514:13:32
mitre
www.cve.org

9.9 High

AI Score

Confidence

High

0.287 Low

EPSS

Percentile

96.9%

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

9.9 High

AI Score

Confidence

High

0.287 Low

EPSS

Percentile

96.9%