CVE-2017-1000189
HIGHejs < 2.5.5 - Denial of Service via Weak Input Validation in ejs.renderFile()
Title source: llmDescription
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101893
Patch, Third Party Advisory x_refsource_misc
https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f
Scores
CVSS v3
7.5
EPSS
0.0227
EPSS Percentile
80.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (2)
ejs/ejs
< 2.5.5
npm/ejs
0 - 2.5.5npm
Published
Nov 17, 2017
Tracked Since
Feb 18, 2026