search

mde / ejs

Embedded JavaScript templates -- http://ejs.co
Apache License 2.0
7.66k stars 834 forks source link

ejs v3.1.9 is vulnerable to server-side template Injection #736

Closed saimanepalli closed 1 year ago

saimanepalli commented 1 year ago

Please help me to fix the ejs v3.1.9 is vulnerable to server-side template Injection. I have gone through all the links but they don't have valid fix. https://github.com/advisories/GHSA-j5pp-6f4w-r5r6

mde commented 1 year ago

There is already a ticket for this:

https://github.com/mde/ejs/issues/720

It is not a vulnerability. We are waiting for them to remove this report. It is not valid.