Node.js ejs Package 'ejs.renderFile()' Function Remote Code Execution Vulnerability

The ejs Package for Node.js is prone to remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions.

Versions prior to ejs 2.5.3 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus