Server-side Template Injection in ejs Package 3.1.6 for Node.js

Server-side Template Injection in ejs Package 3.1.6 for Node.js

CVE-2022-29078 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

Learn more about our Cis Benchmark Audit For Server Software.