3 matches found
@1023-ventures/basalt (>=0.5.0 <=0.7.6), @4c/docusaurus-preset (>=0.2.4 <=0.3.2) +218 more potentially affected by CVE-2022-25967 via eta (>=1.12.1 <=1.14.2)
eta NPM version =1.12.1, =0.5.0, =0.2.4, =0.0.2, =0.0.1, =0.3.9, =1.0.0, =2.1.27, =1.1.6, =2.1.0, =0.0.37, =0.1.2 and more Source cves: CVE-2022-25967 Source advisory: OSV:GHSA-MF6X-HRGR-658F...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
The CVE-2022-25967 issue affects the ETA npm package prior to 2.0.0. An RCE vulnerability arises by overwriting template engine configuration variables with view options received from the Express render API, exploitable only when rendering templates with user-supplied data. Remediation: upgrade E...