CVE-2023-29827
- Reference to the description:
- Description:
- ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.
- Last updated date:
- 08/02/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/10/2023
- Reference url to background