Embedded JavaScript templates vulnerable to pollution
CVE-2024-33883

4MEDIUM

Key Information:

Vendor

ejs

Vendor
CVE Published:
28 April 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-33883?

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.

References

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.