CVE-2022-29078
Description
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
NVD
Severity: CRITICAL
CVE ID: CVE-2022-29078
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-29078
Refrence: Project Discovery GitHub
miko550
vuln ejs 3.1.6 docker
Refrence: GitHub
liam-star-black-master
Refrence: GitHub