Security Advisory

CVE-2022-29078

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-04-25 14:13:32

Last updated 2024-08-03 06:10:58

Assigner mitre

State PUBLISHED

Description

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

← Browse all CVEs View on cve.org ↗