UBUNTU-CVE-2017-9031

The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...

Denial of Service (DoS)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Denial of Service by letting the attacker under certain conditions control and override the localNames option causing it to crash. You can read more about this vulnerability on the Snyk blog...

Cross-site Scripting (XSS)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Cross-site Scripting by letting the attacker under certain conditions control and override the filename option causing it to render the value as is, without escaping it. You can read more...

Remote Code Execution (RCE)

Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Remote Code Execution by letting the attacker under certain conditions control the source folder from which the engine renders include files. You can read more about this vulnerability on th...