HIGH Vulnerable Package issue exists @ ejs in branch main
Description
The ejs package before 3.1.6 is vulnerable to arbitrary code injection. The vulnerability exists due to improper validation of input passed via the options parameter: the filename, compileDebug, and client options.
Vulnerability ID: Cx35ef42d7-054c
Package Name: ejs
Severity: HIGH
CVSS Score: 9.8
Publish Date: 2021-01-22T13:34:00
Current Package Version: 2.7.4
Remediation Upgrade Recommendation: 3.1.7