ejs is vulnerable to remote code execution due to weak input validation
- Severity: High
Description
Node.js ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.
Recommendation
Update the ejs package to the latest compatible version. Version details follow:
- Affected version(s): < 2.5.3
- Patched version(s): 2.5.5
- Tags: npm, ejs
Last updated on September 08, 2023