ejs ejs vulnerabilities and exploits

(subscribe to this query)

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function

1 Github repository

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is exe...

7 Github repositories

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended ...

The ejs (aka Embedded JavaScript templates) package prior to 3.1.10 for Node.js lacks certain pollution protection.

On F5 BIG-IP 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reac...

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics F5 Big-ip Application Acceleration Manager F5 Big-ip Application Security Manager F5 Big-ip Domain Name System F5 Big-ip Fraud Protection Service F5 Big-ip Global Traffic Manager F5 Big-ip Link Controller F5 Big-ip Local Traffic Manager F5 Big-ip Policy Enforcement Manager

82 Github repositories4 Articles

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook