Vulnerabilities > ETA JS

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-23630 Unspecified vulnerability in Eta.Js ETA
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser.
network
low complexity
eta-js
6.1
2023-01-30 CVE-2022-25967 Unspecified vulnerability in Eta.Js ETA
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.
network
low complexity
eta-js
8.8