NodeJS/ejs/2.2.2
Embedded JavaScript templates
https://www.npmjs.com/package/ejs
Apache-2.0
5 Security Vulnerabilities
ejs is vulnerable to remote code execution due to weak input validation
nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function
ejs vulnerable to DoS due to weak input validation
nodejs ejs versions older than 2.5.5 are vulnerable to denial of service due to weak input validation in ejs.renderFile()
ejs lacks certain pollution protection
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
mde ejs vulnerable to XSS
nodejs ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection
ejs template injection vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2022-29078
- https://eslam.io/posts/ejs-server-side-template-injection-rce/
- https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf
- https://github.com/advisories/GHSA-phwq-j96m-2c2q
- https://github.com/mde/ejs/releases
- https://security.netapp.com/advisory/ntap-20220804-0001/
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
75 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
3.1.10 | Apache-2.0 | | 2024-04-12 - 15:23 | 26 days |
3.1.9 | Apache-2.0 | 1 | 2023-03-12 - 19:29 | about 1 year |
3.1.8 | Apache-2.0 | 1 | 2022-05-11 - 18:55 | almost 2 years |
3.1.7 | Apache-2.0 | 1 | 2022-04-20 - 16:41 | about 2 years |
3.1.6 | Apache-2.0 | 2 | 2021-02-06 - 20:28 | about 3 years |
3.1.5 | Apache-2.0 | 2 | 2020-08-17 - 16:01 | over 3 years |
3.1.4 | Apache-2.0 | 2 | 2020-08-17 - 15:59 | over 3 years |
3.1.3 | Apache-2.0 | 2 | 2020-05-17 - 07:00 | almost 4 years |
3.1.2 | Apache-2.0 | 2 | 2020-04-24 - 04:27 | about 4 years |
3.0.2 | Apache-2.0 | 2 | 2020-03-29 - 18:40 | about 4 years |
3.0.1 | Apache-2.0 | 2 | 2019-11-24 - 01:43 | over 4 years |
2.7.4 | Apache-2.0 | 2 | 2019-11-19 - 19:16 | over 4 years |
2.7.3 | Apache-2.0 | 2 | 2019-11-19 - 02:00 | over 4 years |
2.7.2 | Apache-2.0 | 2 | 2019-11-13 - 20:52 | over 4 years |
2.7.1 | Apache-2.0 | 2 | 2019-09-02 - 19:31 | over 4 years |
2.6.2 | Apache-2.0 | 2 | 2019-06-15 - 15:26 | almost 5 years |
2.6.1 | Apache-2.0 | 2 | 2018-05-05 - 18:52 | about 6 years |
2.5.9 | Apache-2.0 | 2 | 2018-04-19 - 03:13 | about 6 years |
2.5.8 | Apache-2.0 | 2 | 2018-03-26 - 00:25 | about 6 years |
2.5.7 | Apache-2.0 | 2 | 2017-07-30 - 03:30 | almost 7 years |
2.5.6 | Apache-2.0 | 2 | 2017-02-16 - 20:43 | about 7 years |
2.5.5 | Apache-2.0 | 2 | 2016-12-06 - 08:05 | over 7 years |
2.5.4 | Apache-2.0 | 4 | 2016-12-05 - 22:09 | over 7 years |
2.5.3 | Apache-2.0 | 4 | 2016-11-28 - 21:18 | over 7 years |
2.5.2 | Apache-2.0 | 5 | 2016-09-07 - 14:46 | over 7 years |
2.5.1 | Apache-2.0 | 5 | 2016-07-25 - 17:21 | almost 8 years |
2.4.2 | Apache-2.0 | 5 | 2016-05-24 - 19:20 | almost 8 years |
2.4.1 | Apache-2.0 | 5 | 2016-01-24 - 05:07 | over 8 years |
2.3.4 | Apache-2.0 | 5 | 2015-09-07 - 04:06 | over 8 years |
2.3.3 | Apache-2.0 | 5 | 2015-07-11 - 20:10 | almost 9 years |
2.3.2 | Apache-2.0 | 5 | 2015-06-29 - 00:23 | almost 9 years |
2.3.1 | Apache-2.0 | 5 | 2015-02-23 - 01:25 | about 9 years |
2.2.4 | Apache-2.0 | 5 | 2015-02-01 - 18:31 | over 9 years |
2.2.3 | Apache-2.0 | 5 | 2015-01-23 - 23:52 | over 9 years |
2.2.2 | Apache-2.0 | 5 | 2015-01-21 - 22:30 | over 9 years |
2.2.1 | Apache-2.0 | 5 | 2015-01-20 - 06:11 | over 9 years |
2.1.4 | Apache-2.0 | 5 | 2015-01-12 - 19:08 | over 9 years |
2.1.3 | Apache-2.0 | 5 | 2015-01-12 - 03:10 | over 9 years |
2.1.2 | Apache-2.0 | 5 | 2015-01-11 - 20:16 | over 9 years |
2.1.1 | Apache-2.0 | 5 | 2015-01-11 - 17:55 | over 9 years |
2.0.8 | Apache-2.0 | 5 | 2015-01-06 - 21:03 | over 9 years |
2.0.7 | Apache-2.0 | 5 | 2015-01-05 - 20:52 | over 9 years |
2.0.6 | Apache-2.0 | 5 | 2015-01-05 - 00:45 | over 9 years |
2.0.5 | Apache-2.0 | 5 | 2015-01-04 - 23:22 | over 9 years |
2.0.4 | Apache-2.0 | 5 | 2015-01-04 - 23:19 | over 9 years |
2.0.3 | Apache-2.0 | 5 | 2015-01-04 - 18:50 | over 9 years |
2.0.2 | Apache-2.0 | 5 | 2015-01-04 - 07:05 | over 9 years |
1.0.0 | Apache-2.0 | 5 | 2014-03-24 - 16:32 | about 10 years |
0.8.8 | Apache-2.0 | 5 | 2014-03-24 - 16:29 | about 10 years |
0.8.6 | Apache-2.0 | 5 | 2014-03-21 - 16:10 | about 10 years |
0.8.5 | Apache-2.0 | 5 | 2013-11-22 - 00:20 | over 10 years |
0.8.4 | Apache-2.0 | 5 | 2013-05-08 - 16:40 | almost 11 years |
0.8.3 | Apache-2.0 | 5 | 2012-09-13 - 17:39 | over 11 years |
0.8.2 | Apache-2.0 | 5 | 2012-08-16 - 16:10 | over 11 years |
0.8.1 | Apache-2.0 | 5 | 2012-08-11 - 19:08 | over 11 years |
0.8.0 | Apache-2.0 | 5 | 2012-07-25 - 15:47 | almost 12 years |
0.7.2 | Apache-2.0 | 5 | 2012-06-22 - 15:23 | almost 12 years |
0.7.1 | Apache-2.0 | 5 | 2012-03-26 - 15:49 | about 12 years |
0.7.0 | Apache-2.0 | 5 | 2012-03-25 - 03:22 | about 12 years |
0.6.1 | Apache-2.0 | 5 | 2011-12-10 - 00:03 | over 12 years |
0.6.0 | Apache-2.0 | 5 | 2011-12-09 - 23:53 | over 12 years |
0.5.0 | Apache-2.0 | 5 | 2011-11-20 - 19:57 | over 12 years |
0.4.3 | Apache-2.0 | 5 | 2011-06-20 - 15:43 | almost 13 years |
0.4.2 | Apache-2.0 | 5 | 2011-05-11 - 16:41 | almost 13 years |
0.4.1 | Apache-2.0 | 5 | 2011-04-21 - 16:12 | about 13 years |
0.4.0 | Apache-2.0 | 5 | 2011-04-21 - 15:38 | about 13 years |
0.3.1 | Apache-2.0 | 5 | 2011-02-24 - 03:08 | about 13 years |
0.3.0 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |
0.2.1 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |
0.2.0 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |
0.1.0 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |
0.0.4 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |
0.0.3 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |
0.0.2 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |
0.0.1 | Apache-2.0 | 5 | 2011-02-14 - 21:15 | about 13 years |