Lucene search
GitHub Advisory DatabaseGHSA-GHR5-CH3P-VCR6HistoryApr 28, 2024 - 6:30 p.m.
ejs lacks certain pollution protection
2024-04-2818:30:31
CWE-693
CWE-1321
GitHub Advisory Database
github.com
42
ejs template
pollution protection
node.js
CVSS3
4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
7.1
Confidence
Low
EPSS
0.001
Percentile
47.9%
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
Affected configurations
Node
ejsejsRange<3.1.10
Related
cgr
cgr
CVE-2024-33883 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2024-33883
2024-04-28 16:15:23
cvelist
cvelist
CVE-2024-33883
2024-04-28 00:00:00
cve
cve
CVE-2024-33883
2024-04-28 16:15:23
osv
osv
CVE-2024-33883
2024-04-28 16:15:23
CGA-3vpj-q6fj-cx7m
2024-06-06 12:22:09
ejs lacks certain pollution protection
2024-04-28 18:30:31
ubuntucve
ubuntucve
CVE-2024-33883
2024-04-28 00:00:00
nvd
nvd
CVE-2024-33883
2024-04-28 16:15:23
ibm
ibm
veracode
veracode
Prototype Pollution
2024-04-29 05:11:33
vulnrichment
vulnrichment
CVE-2024-33883
2024-04-28 00:00:00
wolfi
wolfi
CVE-2024-33883 vulnerabilities
2024-09-19 09:11:50
githubexploit
githubexploit
Exploit for CVE-2024-33883
2024-06-25 18:40:31
redos
redos
ROS-20240719-05
2024-07-19 00:00:00
CVSS3
4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
7.1
Confidence
Low
EPSS
0.001
Percentile
47.9%
Related for GHSA-GHR5-CH3P-VCR6