2 matches found
Astra Linux – Vulnerability in Node-EJS
The ejs also known as Embedded JavaScript templates package version 3.1.6 for Node.js enables server-side template injection in settings view optionsoutputFunctionName. This is parsed as an internal option, and the outputFunctionName option is overwritten with an arbitrary OS command which is...
The vulnerability of the outputFunctionName function in the Node.js web application framework allows a attacker to execute arbitrary commands.
The vulnerability of the outputFunctionName function in the Node.js web application framework is related to incorrect elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...