Description
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
Remediation
References
https://snyk.io/vuln/npm:ejs:20161128
http://www.securityfocus.com/bid/101897
Related Vulnerabilities
CVE-2022-22984 Vulnerability in npm package @snyk/snyk-hex-plugin
CVE-2020-8897 Vulnerability in maven package com.amazonaws:aws-encryption-sdk-java
CVE-2017-17868 Vulnerability in maven package com.liferay.portal:portal-service
CVE-2022-25349 Vulnerability in npm package materialize-css
CVE-2007-5333 Vulnerability in maven package tomcat:tomcat-coyote