Description
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
Remediation
References
http://www.securityfocus.com/bid/101897
https://snyk.io/vuln/npm:ejs:20161128
Related Vulnerabilities
CVE-2022-22984 Vulnerability in npm package snyk-docker-plugin
CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem
CVE-2016-10690 Vulnerability in npm package openframe-ascii-image
CVE-2015-5298 Vulnerability in maven package org.jenkins-ci.plugins:google-login