org.webjars.npm:ejs@2.6.1 vulnerabilities
-
latest version
3.1.8
-
first published
8 years ago
-
latest version published
a year ago
-
licenses detected
- [0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm:ejs package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
org.webjars.npm:ejs is a popular JavaScript templating engine. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the lack of certain pollution protection mechanisms. An attacker can exploit this vulnerability to manipulate object properties that should not be accessible or modifiable. Note: Even after updating to the fix version that adds enhanced protection against prototype pollution, it is still possible to override the How to fix Improper Control of Dynamically-Managed Code Resources? A fix was pushed into the |
[0,)
|
org.webjars.npm:ejs is a popular JavaScript templating engine. Affected versions of this package are vulnerable to Remote Code Execution (RCE) by passing an unrestricted render option via the Note: This vulnerability is exploitable only if the server is already vulnerable to Prototype Pollution. How to fix Remote Code Execution (RCE)? Upgrade |
[,3.1.8)
|
org.webjars.npm:ejs is a popular JavaScript templating engine. Affected versions of this package are vulnerable to Arbitrary Code Injection via the How to fix Arbitrary Code Injection? Upgrade |
[,3.1.6)
|