Vulnerabilities > EJS > EJS > 3.1.6

DATE CVE VULNERABILITY TITLE RISK
2022-04-25 CVE-2022-29078 Code Injection vulnerability in EJS 3.1.6
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName].
network
low complexity
ejs CWE-94
critical
 9.8
9.8