Vulnerability	Vulnerable Version
M Improper Control of Dynamically-Managed Code Resources ejs is a popular JavaScript templating engine. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the lack of certain pollution protection mechanisms. An attacker can exploit this vulnerability to manipulate object properties that should not be accessible or modifiable. Note: Even after updating to the fix version that adds enhanced protection against prototype pollution, it is still possible to override the `hasOwnProperty` method. How to fix Improper Control of Dynamically-Managed Code Resources? Upgrade `ejs` to version 3.1.10 or higher.	<3.1.10

Improper Control of Dynamically-Managed Code Resources

ejs is a popular JavaScript templating engine.

Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the lack of certain pollution protection mechanisms. An attacker can exploit this vulnerability to manipulate object properties that should not be accessible or modifiable.

Note:

Even after updating to the fix version that adds enhanced protection against prototype pollution, it is still possible to override the hasOwnProperty method.

How to fix Improper Control of Dynamically-Managed Code Resources?

Upgrade ejs to version 3.1.10 or higher.

<3.1.10

Go back to all versions of this package