Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-k525-8c5h-tbdq

Summary

Improper Input Validation
The ejs module is vulnerable to a denial-of-service due to weak input validation in the `ejs.renderFile()`.

Aliases

alias	CVE-2017-1000189

alias	GHSA-6x77-rpqf-j6mw

Fixed_packages

url	pkg:deb/debian/node-ejs@2.5.7-1?distro=trixie
purl	pkg:deb/debian/node-ejs@2.5.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ejs@2.5.7-1%3Fdistro=trixie

url pkg:deb/debian/node-ejs@2.5.7-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/node-ejs@2.5.7-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tzhu-kbcs-7kbv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ejs@2.5.7-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/node-ejs@3.1.8%2B~3.1.1-2?distro=trixie

purl pkg:deb/debian/node-ejs@3.1.8%2B~3.1.1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tzhu-kbcs-7kbv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ejs@3.1.8%252B~3.1.1-2%3Fdistro=trixie

url	pkg:deb/debian/node-ejs@3.1.10%2B~3.1.5-2?distro=trixie
purl	pkg:deb/debian/node-ejs@3.1.10%2B~3.1.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ejs@3.1.10%252B~3.1.5-2%3Fdistro=trixie

url	pkg:npm/ejs@2.5.5
purl	pkg:npm/ejs@2.5.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.5.5

Affected_packages

url pkg:npm/ejs@0.0.1

purl pkg:npm/ejs@0.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.0.1

url pkg:npm/ejs@0.0.2

purl pkg:npm/ejs@0.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.0.2

url pkg:npm/ejs@0.0.3

purl pkg:npm/ejs@0.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.0.3

url pkg:npm/ejs@0.0.4

purl pkg:npm/ejs@0.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.0.4

url pkg:npm/ejs@0.1.0

purl pkg:npm/ejs@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.1.0

url pkg:npm/ejs@0.2.0

purl pkg:npm/ejs@0.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.2.0

url pkg:npm/ejs@0.2.1

purl pkg:npm/ejs@0.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.2.1

url pkg:npm/ejs@0.3.0

purl pkg:npm/ejs@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.3.0

url pkg:npm/ejs@0.3.1

purl pkg:npm/ejs@0.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.3.1

url pkg:npm/ejs@0.4.0

purl pkg:npm/ejs@0.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.4.0

url pkg:npm/ejs@0.4.1

purl pkg:npm/ejs@0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.4.1

url pkg:npm/ejs@0.4.2

purl pkg:npm/ejs@0.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.4.2

url pkg:npm/ejs@0.4.3

purl pkg:npm/ejs@0.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.4.3

url pkg:npm/ejs@0.5.0

purl pkg:npm/ejs@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.5.0

url pkg:npm/ejs@0.6.0

purl pkg:npm/ejs@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.6.0

url pkg:npm/ejs@0.6.1

purl pkg:npm/ejs@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.6.1

url pkg:npm/ejs@0.7.0

purl pkg:npm/ejs@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.7.0

url pkg:npm/ejs@0.7.1

purl pkg:npm/ejs@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.7.1

url pkg:npm/ejs@0.7.2

purl pkg:npm/ejs@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.7.2

url pkg:npm/ejs@0.8.0

purl pkg:npm/ejs@0.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.0

url pkg:npm/ejs@0.8.1

purl pkg:npm/ejs@0.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.1

url pkg:npm/ejs@0.8.2

purl pkg:npm/ejs@0.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.2

url pkg:npm/ejs@0.8.3

purl pkg:npm/ejs@0.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.3

url pkg:npm/ejs@0.8.4

purl pkg:npm/ejs@0.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.4

url pkg:npm/ejs@0.8.5

purl pkg:npm/ejs@0.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.5

url pkg:npm/ejs@0.8.6

purl pkg:npm/ejs@0.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.6

url pkg:npm/ejs@0.8.8

purl pkg:npm/ejs@0.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@0.8.8

url pkg:npm/ejs@1.0.0

purl pkg:npm/ejs@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@1.0.0

url pkg:npm/ejs@2.0.2

purl pkg:npm/ejs@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.0.2

url pkg:npm/ejs@2.0.3

purl pkg:npm/ejs@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.0.3

url pkg:npm/ejs@2.0.4

purl pkg:npm/ejs@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.0.4

url pkg:npm/ejs@2.0.5

purl pkg:npm/ejs@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.0.5

url pkg:npm/ejs@2.0.6

purl pkg:npm/ejs@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.0.6

url pkg:npm/ejs@2.0.7

purl pkg:npm/ejs@2.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.0.7

url pkg:npm/ejs@2.0.8

purl pkg:npm/ejs@2.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.0.8

url pkg:npm/ejs@2.1.1

purl pkg:npm/ejs@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.1.1

url pkg:npm/ejs@2.1.2

purl pkg:npm/ejs@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.1.2

url pkg:npm/ejs@2.1.3

purl pkg:npm/ejs@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.1.3

url pkg:npm/ejs@2.1.4

purl pkg:npm/ejs@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.1.4

url pkg:npm/ejs@2.2.1

purl pkg:npm/ejs@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.2.1

url pkg:npm/ejs@2.2.2

purl pkg:npm/ejs@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.2.2

url pkg:npm/ejs@2.2.3

purl pkg:npm/ejs@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.2.3

url pkg:npm/ejs@2.2.4

purl pkg:npm/ejs@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.2.4

url pkg:npm/ejs@2.3.1

purl pkg:npm/ejs@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.3.1

url pkg:npm/ejs@2.3.2

purl pkg:npm/ejs@2.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.3.2

url pkg:npm/ejs@2.3.3

purl pkg:npm/ejs@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.3.3

url pkg:npm/ejs@2.3.4

purl pkg:npm/ejs@2.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.3.4

url pkg:npm/ejs@2.4.1

purl pkg:npm/ejs@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.4.1

url pkg:npm/ejs@2.4.2

purl pkg:npm/ejs@2.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.4.2

url pkg:npm/ejs@2.5.1

purl pkg:npm/ejs@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.5.1

url pkg:npm/ejs@2.5.2

purl pkg:npm/ejs@2.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

vulnerability	VCID-nq37-ewy1-d7et

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.5.2

url pkg:npm/ejs@2.5.3

purl pkg:npm/ejs@2.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.5.3

url pkg:npm/ejs@2.5.4

purl pkg:npm/ejs@2.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9hgv-yjdc-j7g7

vulnerability	VCID-k525-8c5h-tbdq

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ejs@2.5.4

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000189.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000189.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000189

reference_id

reference_type

scores

value	0.00913
scoring_system	epss
scoring_elements	0.76248
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000189

reference_url

https://github.com/advisories/GHSA-6x77-rpqf-j6mw

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6x77-rpqf-j6mw

reference_url

https://github.com/mde/ejs

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mde/ejs

reference_url

https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f

reference_url

https://web.archive.org/web/20171123041449/http://www.securityfocus.com/bid/101893

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20171123041449/http://www.securityfocus.com/bid/101893

reference_url	http://www.securityfocus.com/bid/101893
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101893

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404188
reference_id	1404188
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404188

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000189

reference_id

CVE-2017-1000189

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000189

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	88
name	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
description	The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Exploits

Severity_range_score 4.7 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k525-8c5h-tbdq

Vulnerability Instance