| Release | Version |
|---|---|
| buster | 2.5.7-1+deb10u1 |
| bullseye | 2.5.7-3+deb11u1 |
| bookworm | 3.1.8+~3.1.1-2 |
| trixie | 3.1.10+~3.1.5-1 |
| sid | 3.1.10+~3.1.5-1 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2024-33883 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for ... |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2023-29827 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | ejs v3.1.9 is vulnerable to server-side template injection. If the ejs ... |
| Bug | Description |
|---|---|
| CVE-2022-29078 | The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js ... |
| CVE-2017-1000228 | nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ... |
| CVE-2017-1000189 | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-servi ... |
| CVE-2017-1000188 | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scri ... |