VulnCheck KEV: CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon...

DEBIAN-CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

UBUNTU-CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

Github ejs 代码注入漏洞

Github ejs is an embedded JavaScript template. A code injection vulnerability exists in ejs version 3.1.6, which stems from server-side template injection being possible in settingsview optionsoutputFunctionName. This is parsed as an internal option and the outputFunctionName option is overridden...

PT-2022-3563

Name of the Vulnerable Software and Affected Versions ejs versions 3.1.6 Description The issue is related to the ejs package for Node.js, which allows server-side template injection in settingsview optionsoutputFunctionName. This can be parsed as an internal option and overwrites the...