Lucene search
MitreCVELIST:CVE-2022-29078HistoryApr 25, 2022 - 2:13 p.m.
CVE-2022-29078
2022-04-2514:13:32
mitre
www.cve.org
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Related
redhatcve
redhatcve
CVE-2022-29078
2022-04-26 07:23:29
debiancve
debiancve
CVE-2022-29078
2022-04-25 15:15:49
githubexploit
githubexploit
Exploit for Code Injection in Ejs
2022-07-20 10:10:01
osv
osv
ejs template injection vulnerability
2022-04-26 00:00:40
CVE-2022-29078
2022-04-25 15:15:49
veracode
veracode
Server-Side Template Injection
2022-04-26 07:38:54
checkpoint_advisories
checkpoint_advisories
Reverse Shell Commands Over HTTP Payload (CVE-2022-29078)
2022-09-14 00:00:00
ibm
ibm
cve
cve
CVE-2022-29078
2022-04-25 15:15:49
ubuntucve
ubuntucve
CVE-2022-29078
2022-04-25 00:00:00
github
github
ejs template injection vulnerability
2022-04-26 00:00:40
prion
prion
Design/Logic Flaw
2022-04-25 15:15:00
nuclei
nuclei
Node.js Embedded JavaScript 3.1.6 - Template Injection
2022-07-19 11:08:32
nvd
nvd
CVE-2022-29078
2022-04-25 15:15:49
nessus
nessus
RHEL 8 : pcs (Unpatched Vulnerability)
2024-06-03 00:00:00
IBM Cognos Analytics Multiple Vulnerabilities (6616285)
2022-09-02 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00