Description
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
Remediation
References
http://www.securityfocus.com/bid/101897
https://snyk.io/vuln/npm:ejs:20161128
Related Vulnerabilities
CVE-2021-23411 Vulnerability in npm package anchorme
CVE-2021-23386 Vulnerability in npm package dns-packet
CVE-2022-31160 Vulnerability in npm package jquery-ui
CVE-2018-3721 Vulnerability in maven package org.webjars:lodash
CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework