Skip to content

Fix CVE–2022–29078#23

Open
debricked[bot] wants to merge 1 commit intomainfrom
debricked-fix-CVE_2022_29078-e6b6c01af24afd80
Open

Fix CVE–2022–29078#23
debricked[bot] wants to merge 1 commit intomainfrom
debricked-fix-CVE_2022_29078-e6b6c01af24afd80

Conversation

@debricked
Copy link

@debricked debricked bot commented May 13, 2022

CVE–2022–29078

Vulnerable dependency:     ejs (npm)    2.5.7

Vulnerability details

Description

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

NVD

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

GitHub

Template injection in ejs

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVSS details - 9.8

 

CVSS3 metrics
Attack Vector Network
Attack Complexity Low
Privileges Required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
References

    NVD - CVE-2022-29078
    Template injection in ejs · CVE-2022-29078 · GitHub Advisory Database · GitHub
    EJS, Server side template injection RCE (CVE-2022-29078) - writeup | ~#whoami
    Releases · mde/ejs · GitHub
    Sanitize option names. · mde/ejs@15ee698 · GitHub
    ejs/ejs.js at 80bf3d7dcc20dffa38686a58b4e0ba70d5cac8a1 · mde/ejs · GitHub
    Release v3.1.7 · mde/ejs · GitHub
    ejs/ejs.js at 80bf3d7dcc20dffa38686a58b4e0ba70d5cac8a1 · mde/ejs · GitHub
    GitHub - mde/ejs: Embedded JavaScript templates -- http://ejs.co
    ejs/ejs.js at 80bf3d7dcc20dffa38686a58b4e0ba70d5cac8a1 · mde/ejs · GitHub
    ejs/utils.js at 80bf3d7dcc20dffa38686a58b4e0ba70d5cac8a1 · mde/ejs · GitHub

 

Related information

📌 Remember! Check the changes to ensure they don't introduce any breaking changes.
📚 Read more about the CVE

 

@debricked debricked bot force-pushed the debricked-fix-CVE_2022_29078-e6b6c01af24afd80 branch from 561b99c to e3c784d Compare May 14, 2022 11:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants