125 matches found
nodejs ejs remote code execution vulnerability
nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A remote code execution vulnerability exists in the 'ejs.renderFile' function in versions of nodejs ejs prior to 2.5.3, which stems from weak input validation. A remote attacker could...
Cross-Site Scripting (XSS)
ejs is vulnerable to cross-site scripting XSS attacks. A malicious user can edit the localNames variable in the OPTS array which renders any arbitrary javascript in that variable...
Denial of Service (DoS)
Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Denial of Service by letting the attacker under certain conditions control and override the localNames option causing it to crash. You can read more about this vulnerability on the Snyk blog...
Cross-site Scripting (XSS)
Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Cross-site Scripting by letting the attacker under certain conditions control and override the filename option causing it to render the value as is, without escaping it. You can read more...
Remote Code Execution (RCE)
Overview ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Remote Code Execution by letting the attacker under certain conditions control the source folder from which the engine renders include files. You can read more about this vulnerability on th...