Vulnerabilities > EJS > EJS > 2.2.2

DATE CVE VULNERABILITY TITLE RISK
2017-11-17 CVE-2017-1000228 Improper Input Validation vulnerability in EJS
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
network
low complexity
ejs CWE-20
critical
 9.8
9.8
2017-11-17 CVE-2017-1000189 Improper Input Validation vulnerability in EJS
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
network
low complexity
ejs CWE-20
7.5
7.5
2017-11-17 CVE-2017-1000188 Cross-site Scripting vulnerability in EJS
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
network
low complexity
ejs CWE-79
6.1
6.1