Security Advisory

CVE-2023-29827

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-04 00:00:00
Last updated 2025-01-29 20:47:30
Assigner mitre
State PUBLISHED

Description

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.