Package impact
npm / ejs
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-1000189 | high | 7.5 | 7.5 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile() | |
| CVE-2017-1000188 | medium | 6.1 | 6.1 | 9y ago | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection |