itsKedar / TodoList_mern

CX: Cx35ef42d7-054c in Npm-ejs and 2.7.4 @ TodoList_mern.main #15

Open itsKedar opened 2 years ago

itsKedar commented 2 years ago

Description

The ejs package before 3.1.6 is vulnerable to arbitrary code injection. The vulnerability exists due to improper validation of input passed via the options parameter: the filename, compileDebug, and client options.

HIGH Vulnerable Package issue exists @ ejs in branch main

Vulnerability ID: Cx35ef42d7-054c

Package Name: ejs

Severity: HIGH

CVSS Score: 9.8

Publish Date: 2021-01-22T13:34:00

Current Package Version: 2.7.4

Remediation Upgrade Recommendation: 3.1.7

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.