Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2017-1000228

Published: 17/11/2017 Updated: 30/11/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Ejs

Vulnerability Summary

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function

Vulnerable Product Search on Vulmon Subscribe to Product

ejs ejs

Github Repositories

https://github.com/ezmac/lab-computer-availability

Computer availability script written for Mississippi State University Libraries

This project is defunct; I'm leaving it because it can give you a huge head start to reproduce something similar, but don't use as is It contains vulnerabilities Github has flagged the EJS dependency as having the following vulnerabilities: CVE-2017-1000188 - Moderate severity CVE-2017-1000189 - High severity CVE-2017-1000228 - High severity You have been warned

References

CWE-20https://snyk.io/vuln/npm:ejs:20161128http://www.securityfocus.com/bid/101897https://nvd.nist.govhttps://github.com/ezmac/lab-computer-availability
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook