Vulnerability Details CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
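A defensive check for the option path named in the description, as an added example (not code from ejs or from this advisory). It assumes request input has already been parsed into a nested object that the application would pass to the renderer as template data; the helper names, the identifier regex and the sample inputs are hypothetical.

```javascript
// Assumed check: a name that ends up in generated template code must be a plain identifier.
const JS_IDENTIFIER = /^[a-zA-Z_$][0-9a-zA-Z_$]*$/;

const isObject = (v) => v !== null && typeof v === 'object';
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Report request-supplied keys that the renderer would read as its own options.
function findOptionOverrides(input) {
  const findings = [];
  if (!isObject(input) || !hasOwn(input, 'settings')) return findings;
  findings.push('settings');
  const viewOpts = isObject(input.settings) ? input.settings['view options'] : undefined;
  if (isObject(viewOpts)) {
    for (const key of Object.keys(viewOpts)) {
      findings.push(`settings[view options][${key}]`);
    }
    const name = viewOpts.outputFunctionName;
    if (name !== undefined && !(typeof name === 'string' && JS_IDENTIFIER.test(name))) {
      findings.push('outputFunctionName is not a plain identifier');
    }
  }
  return findings;
}

// Build template data from an allowlist so option keys never reach the renderer.
function pickTemplateData(input, allowedKeys) {
  const out = {};
  if (!isObject(input)) return out;
  for (const key of allowedKeys) {
    if (key !== 'settings' && hasOwn(input, key)) out[key] = input[key];
  }
  return out;
}

// Constructed sample inputs (not taken from any real request).
const benignQuery = { name: 'alice' };
const suspiciousQuery = {
  name: 'alice',
  settings: { 'view options': { outputFunctionName: 'not an identifier!' } },
};

console.log(findOptionOverrides(benignQuery));
console.log(findOptionOverrides(suspiciousQuery));
console.log(pickTemplateData(suspiciousQuery, ['name', 'settings']));
```

Logging the findings before dropping the keys gives a detection signal as well as a mitigation; upgrading past the affected 3.1.6 release remains the primary fix.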
Exploit prediction scoring system (EPSS) score
EPSS Score 0.935
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2022-29078