VIR Vulnerability Intelligence Relay

Package impact

npm npm / ejs

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-1000228 critical 9.8 9.8 9y ago nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function debiannpm
CVE-2017-1000189 high 7.5 7.5 9y ago nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() debiannpm
CVE-2017-1000188 medium 6.1 6.1 9y ago nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection debiannpm
CVE-2024-33883 unknown 2y ago The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. debiannpm
CVE-2022-29078 unknown 4y ago The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and ov… debiannpm