Lucene search

CVE-2022-25967

🗓️ 30 Jan 2023 05:10:15Reported by [email protected]Type

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2022-25967	30 Jan 202305:00	–	cvelist
OSV	CVE-2022-25967	30 Jan 202305:15	–	osv
OSV	GHSA-MF6X-HRGR-658F Eta vulnerable to Code Injection via templates rendered with user-defined data	30 Jan 202306:30	–	osv
Prion	Remote code execution	30 Jan 202305:15	–	prion
CVE	CVE-2022-25967	30 Jan 202305:15	–	cve
RedhatCVE	CVE-2022-25967	14 Mar 202305:13	–	redhatcve
Vulnrichment	CVE-2022-25967	30 Jan 202305:00	–	vulnrichment
Github Security Blog	Eta vulnerable to Code Injection via templates rendered with user-defined data	30 Jan 202306:30	–	github
Veracode	Remote Code Execution (RCE)	6 Feb 202305:11	–	veracode

Nvd

Node

eta.js etaRange<2.0.0node.js

Source	Link
security	www.security.snyk.io/vuln/SNYK-JS-ETA-2936803
github	www.github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182
github	www.github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd
github	www.github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 Jan 2023 05:15Current

8.4High risk

Vulners AI Score8.4

CVSS38.1 - 8.8

EPSS0.05024

CWE-94