4
CVE-2024-33883
- EPSS 0.61%
- Veröffentlicht 28.04.2024 16:15:23
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.446 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4 | 2.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5
https://github.com/mde/ejs/compare/v3.1.9...v3.1.10
https://security.netapp.com/advisory/ntap-20240605-0003/