CVE-2022-29078

Description

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

NVD
Severity: CRITICAL
CVE ID: CVE-2022-29078
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-29078

Refrence: Project Discovery GitHub

miko550

vuln ejs 3.1.6 docker

Refrence: GitHub

liam-star-black-master

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept