Improper Control of Dynamically-Managed Code Resources Affecting org.webjars.npm:ejs package, versions [0,]
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGWEBJARSNPM-6808864
- published 8 May 2024
- disclosed 28 Apr 2024
- credit Unknown
Introduced: 28 Apr 2024
CVE-2024-33883 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
org.webjars.npm:ejs is a popular JavaScript templating engine.
Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the lack of certain pollution protection mechanisms. An attacker can exploit this vulnerability to manipulate object properties that should not be accessible or modifiable.
Note:
Even after updating to the fix version that adds enhanced protection against prototype pollution, it is still possible to override the hasOwnProperty
method.