First published: Fri Nov 17 2017
Node.js ejs versions older than 2.5.5 are vulnerable to denial of service due to weak input validation in `ejs.renderFile()`.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ejs ejs | <2.5.5 |
CVE-2017-1000189 is a vulnerability in Node.js ejs versions older than 2.5.5 that allows a denial-of-service attack due to weak input validation in the `ejs.renderFile()` function.
The severity of CVE-2017-1000189 is high, with a severity score of 7.5.
To fix CVE-2017-1000189, update your Node.js ejs package to version 2.5.5 or newer.
You can find more information about CVE-2017-1000189 on the NVD (National Vulnerability Database) website and the GitHub advisory page.
CWE-20 is a Common Weakness Enumeration category that refers to input validation vulnerabilities.
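Upgrading the top-level dependency does not help if another package still pulls in an older ejs copy. The following check is an added example, not code from the advisory or the ejs project: it walks a parsed `package-lock.json` (both the nested v1 layout and the flat v2/v3 `packages` map) and reports every ejs install below 2.5.5. The function names and the sample lockfile, including the package name `legacy-mailer`, are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for ejs copies older than 2.5.5.
const FIXED = [2, 5, 5]; // first fixed release named in the advisory

// True when `version` sorts before 2.5.5 (numeric major.minor.patch comparison).
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // unparseable or missing version: flag for manual review
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] < FIXED[i];
  }
  return Boolean(m[4]); // a 2.5.5 pre-release sorts before 2.5.5 itself
}

// Collect every affected ejs copy, including nested (transitive) installs.
function findAffectedEjs(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/ejs$/.test(path) && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "ejs" && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, path + "/");
    }
  })(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; "legacy-mailer" is a hypothetical package name.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    ejs: { version: "2.5.7" },
    "legacy-mailer": { version: "1.0.0", dependencies: { ejs: { version: "2.5.2" } } },
  },
};
console.log(findAffectedEjs(SAMPLE_LOCK));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffectedEjs` instead of the sample object.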