NodeJS/ejs/2.7.4

Embedded JavaScript templates

Repo Link: https://www.npmjs.com/package/ejs
License: Apache-2.0

1 Security Vulnerabilities

ejs template injection vulnerability

Published date: 2022-04-26T00:00:40Z

CVE: CVE-2022-29078

Links:

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

Affected versions: ["0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.1.0", "0.2.0", "0.2.1", "0.3.0", "0.3.1", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.5.0", "0.6.0", "0.6.1", "0.7.0", "0.7.1", "0.7.2", "0.8.0", "0.8.1", "0.8.2", "0.8.3", "0.8.4", "0.8.5", "0.8.6", "0.8.8", "1.0.0", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.7", "2.0.8", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.2.1", "2.2.2", "2.2.3", "2.2.4", "2.3.1", "2.3.2", "2.3.3", "2.3.4", "2.4.1", "2.4.2", "2.5.1", "2.5.2", "2.5.3", "2.5.4", "2.5.5", "2.5.6", "2.5.7", "2.5.8", "2.5.9", "2.6.1", "2.6.2", "2.7.1", "2.7.2", "2.7.3", "2.7.4", "3.0.1", "3.0.2", "3.1.2", "3.1.3", "3.1.4", "3.1.5", "3.1.6"]

Secure versions: [3.1.7, 3.1.8, 3.1.9, 3.1.10]

Recommendation: Update to version 3.1.10.

75 Other Versions

Version	License	Security	Released
3.1.10	Apache-2.0		2024-04-12 - 15:23	15 days
3.1.9	Apache-2.0		2023-03-12 - 19:29	about 1 year
3.1.8	Apache-2.0		2022-05-11 - 18:55	almost 2 years
3.1.7	Apache-2.0		2022-04-20 - 16:41	about 2 years
3.1.6	Apache-2.0	1	2021-02-06 - 20:28	about 3 years
3.1.5	Apache-2.0	1	2020-08-17 - 16:01	over 3 years
3.1.4	Apache-2.0	1	2020-08-17 - 15:59	over 3 years
3.1.3	Apache-2.0	1	2020-05-17 - 07:00	almost 4 years
3.1.2	Apache-2.0	1	2020-04-24 - 04:27	about 4 years
3.0.2	Apache-2.0	1	2020-03-29 - 18:40	about 4 years
3.0.1	Apache-2.0	1	2019-11-24 - 01:43	over 4 years
2.7.4	Apache-2.0	1	2019-11-19 - 19:16	over 4 years
2.7.3	Apache-2.0	1	2019-11-19 - 02:00	over 4 years
2.7.2	Apache-2.0	1	2019-11-13 - 20:52	over 4 years
2.7.1	Apache-2.0	1	2019-09-02 - 19:31	over 4 years
2.6.2	Apache-2.0	1	2019-06-15 - 15:26	almost 5 years
2.6.1	Apache-2.0	1	2018-05-05 - 18:52	almost 6 years
2.5.9	Apache-2.0	1	2018-04-19 - 03:13	about 6 years
2.5.8	Apache-2.0	1	2018-03-26 - 00:25	about 6 years
2.5.7	Apache-2.0	1	2017-07-30 - 03:30	over 6 years
2.5.6	Apache-2.0	1	2017-02-16 - 20:43	about 7 years
2.5.5	Apache-2.0	1	2016-12-06 - 08:05	over 7 years
2.5.4	Apache-2.0	3	2016-12-05 - 22:09	over 7 years
2.5.3	Apache-2.0	3	2016-11-28 - 21:18	over 7 years
2.5.2	Apache-2.0	4	2016-09-07 - 14:46	over 7 years
2.5.1	Apache-2.0	4	2016-07-25 - 17:21	almost 8 years
2.4.2	Apache-2.0	4	2016-05-24 - 19:20	almost 8 years
2.4.1	Apache-2.0	4	2016-01-24 - 05:07	over 8 years
2.3.4	Apache-2.0	4	2015-09-07 - 04:06	over 8 years
2.3.3	Apache-2.0	4	2015-07-11 - 20:10	almost 9 years
2.3.2	Apache-2.0	4	2015-06-29 - 00:23	almost 9 years
2.3.1	Apache-2.0	4	2015-02-23 - 01:25	about 9 years
2.2.4	Apache-2.0	4	2015-02-01 - 18:31	about 9 years
2.2.3	Apache-2.0	4	2015-01-23 - 23:52	over 9 years
2.2.2	Apache-2.0	4	2015-01-21 - 22:30	over 9 years
2.2.1	Apache-2.0	4	2015-01-20 - 06:11	over 9 years
2.1.4	Apache-2.0	4	2015-01-12 - 19:08	over 9 years
2.1.3	Apache-2.0	4	2015-01-12 - 03:10	over 9 years
2.1.2	Apache-2.0	4	2015-01-11 - 20:16	over 9 years
2.1.1	Apache-2.0	4	2015-01-11 - 17:55	over 9 years
2.0.8	Apache-2.0	4	2015-01-06 - 21:03	over 9 years
2.0.7	Apache-2.0	4	2015-01-05 - 20:52	over 9 years
2.0.6	Apache-2.0	4	2015-01-05 - 00:45	over 9 years
2.0.5	Apache-2.0	4	2015-01-04 - 23:22	over 9 years
2.0.4	Apache-2.0	4	2015-01-04 - 23:19	over 9 years
2.0.3	Apache-2.0	4	2015-01-04 - 18:50	over 9 years
2.0.2	Apache-2.0	4	2015-01-04 - 07:05	over 9 years
1.0.0	Apache-2.0	4	2014-03-24 - 16:32	about 10 years
0.8.8	Apache-2.0	4	2014-03-24 - 16:29	about 10 years
0.8.6	Apache-2.0	4	2014-03-21 - 16:10	about 10 years
0.8.5	Apache-2.0	4	2013-11-22 - 00:20	over 10 years
0.8.4	Apache-2.0	4	2013-05-08 - 16:40	almost 11 years
0.8.3	Apache-2.0	4	2012-09-13 - 17:39	over 11 years
0.8.2	Apache-2.0	4	2012-08-16 - 16:10	over 11 years
0.8.1	Apache-2.0	4	2012-08-11 - 19:08	over 11 years
0.8.0	Apache-2.0	4	2012-07-25 - 15:47	almost 12 years
0.7.2	Apache-2.0	4	2012-06-22 - 15:23	almost 12 years
0.7.1	Apache-2.0	4	2012-03-26 - 15:49	about 12 years
0.7.0	Apache-2.0	4	2012-03-25 - 03:22	about 12 years
0.6.1	Apache-2.0	4	2011-12-10 - 00:03	over 12 years
0.6.0	Apache-2.0	4	2011-12-09 - 23:53	over 12 years
0.5.0	Apache-2.0	4	2011-11-20 - 19:57	over 12 years
0.4.3	Apache-2.0	4	2011-06-20 - 15:43	almost 13 years
0.4.2	Apache-2.0	4	2011-05-11 - 16:41	almost 13 years
0.4.1	Apache-2.0	4	2011-04-21 - 16:12	about 13 years
0.4.0	Apache-2.0	4	2011-04-21 - 15:38	about 13 years
0.3.1	Apache-2.0	4	2011-02-24 - 03:08	about 13 years
0.3.0	Apache-2.0	4	2011-02-14 - 21:15	about 13 years
0.2.1	Apache-2.0	4	2011-02-14 - 21:15	about 13 years
0.2.0	Apache-2.0	4	2011-02-14 - 21:15	about 13 years
0.1.0	Apache-2.0	4	2011-02-14 - 21:15	about 13 years
0.0.4	Apache-2.0	4	2011-02-14 - 21:15	about 13 years
0.0.3	Apache-2.0	4	2011-02-14 - 21:15	about 13 years
0.0.2	Apache-2.0	4	2011-02-14 - 21:15	about 13 years
0.0.1	Apache-2.0	4	2011-02-14 - 21:15	about 13 years