Vulnerabilities > EJS > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-29827 Injection vulnerability in EJS 3.1.9
ejs v3.1.9 is vulnerable to server-side template injection.
network
low complexity
ejs CWE-74
critical
 9.8
9.8
2022-04-25 CVE-2022-29078 Code Injection vulnerability in EJS 3.1.6
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName].
network
low complexity
ejs CWE-94
critical
 9.8
9.8
2017-11-17 CVE-2017-1000228 Improper Input Validation vulnerability in EJS
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
network
low complexity
ejs CWE-20
critical
 9.8
9.8