We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ejs/package.json
Dependency Hierarchy:
Found in HEAD commit: d920951800978f8e66da6e0d1c5347d1c029c28c
Found in base branch: main
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
Publish Date: 2024-04-28
URL: CVE-2024-33883
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-33883
Release Date: 2024-04-28
Fix Resolution: ejs - 3.1.10
The text was updated successfully, but these errors were encountered:
[CVE-2024-33883] Bump ejs from to
b73ea03
Issue Resolved opensearch-project#6769 Signed-off-by: Anan Zhuang <[email protected]>
3.1.7
3.1.10
9e43c7b
016dcfd
[2.x Manual Backport][CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10
99a25f3
Backport PR opensearch-project#6770 Issue Resolved opensearch-project#6769 Signed-off-by: Anan Zhuang <[email protected]>
[2.x Manual Backport][CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10 (#…
f06b6aa
…6924) Backport PR #6770 Issue Resolved #6769 Signed-off-by: Anan Zhuang <[email protected]>
No branches or pull requests
CVE-2024-33883 - High Severity Vulnerability
Vulnerable Library - ejs-3.1.7.tgz
Embedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ejs/package.json
Dependency Hierarchy:
Found in HEAD commit: d920951800978f8e66da6e0d1c5347d1c029c28c
Found in base branch: main
Vulnerability Details
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
Publish Date: 2024-04-28
URL: CVE-2024-33883
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-33883
Release Date: 2024-04-28
Fix Resolution: ejs - 3.1.10
The text was updated successfully, but these errors were encountered: