Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1
CVE-2023-23630
- EPSS 0.4%
- Veröffentlicht 01.02.2023 01:15:08
- Zuletzt bearbeitet 21.11.2024 07:46:34
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user suppl...
8.8
CVE-2022-25967
- EPSS 15.11%
- Veröffentlicht 30.01.2023 05:15:10
- Zuletzt bearbeitet 27.03.2025 21:15:40
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who ar...
1