nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101889 | Third Party Advisory VDB Entry |
https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-11-17 03:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-1000188
Mitre link : CVE-2017-1000188
CVE.ORG link : CVE-2017-1000188
JSON object : View
Products Affected
ejs
- ejs
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')