npm/ejs — 5 CVEs · VulnScope

CRITICAL9.8CVE-2022-29078ejs template injection vulnerability

from 0, < 3.1.7

CRITICAL9.8CVE-2017-1000228ejs is vulnerable to remote code execution due to weak input validation

from 0, < 2.5.5

HIGH7.5CVE-2017-1000189ejs vulnerable to DoS due to weak input validation

from 0, < 2.5.5

MEDIUM6.1mde ejs vulnerable to XSS

from 0, < 2.5.5

MEDIUM4.0ejs lacks certain pollution protection

from 0, < 3.1.10

pkg:npm/ejs