CVE-2017-1000189

EPSS 0.91%
Veröffentlicht 17.11.2017 03:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ejs ≫ Ejs Version < 2.5.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.738

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f

Patch

Third Party Advisory

http://www.securityfocus.com/bid/101893

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-1000189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-1000189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-1000189

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-1000189