Description
Node.js ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.
Remediation
References
http://www.securityfocus.com/bid/101897
https://snyk.io/vuln/npm:ejs:20161128