The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Denial of Service (DoS) vulnerabilities in an interactive lesson.
Start learningThe vulnerability can be resolved by either using the GitHub integration to generate a pull-request from your dashboard or by running snyk wizard
from the command-line interface.
Otherwise, Upgrade ejs
to version 2.5.5
or higher.
ejs
is a popular JavaScript templating engine.
Affected versions of the package are vulnerable to Denial of Service by letting the attacker under certain conditions control and override the localNames
option causing it to crash.
You can read more about this vulnerability on the Snyk blog.
There's also a Remote Code Execution & Cross-site Scripting vulnerabilities caused by the same behaviour.
ejs
provides a few different options for you to render a template, two being very similar: ejs.render()
and ejs.renderFile()
. The only difference being that render
expects a string to be used for the template and renderFile
expects a path to a template file.
Both functions can be invoked in two ways. The first is calling them with template
, data
, and options
:
ejs.render(str, data, options);
ejs.renderFile(filename, data, options, callback)
The second way would be by calling only the template
and data
, while ejs
lets the options
be passed as part of the data
:
ejs.render(str, dataAndOptions);
ejs.renderFile(filename, dataAndOptions, callback)
If used with a variable list supplied by the user (e.g. by reading it from the URI with qs
or equivalent), an attacker can control ejs
options. This includes the localNames
option, which will cause the renderer to crash.
ejs.renderFile('my-template', {localNames:'try'}, callback);
The fix introduced in version 2.5.3
blacklisted root
options from options passed via the data
object.
2.5.5
released.