CVE-2022-25967
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
Summary
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | eta | 0 < 2.0.0 | affected |
Weaknesses
- CWE-94: Remote Code Execution (RCE)
ADP Enrichment
CVE Program Container
Additional References
- https://security.snyk.io/vuln/SNYK-JS-ETA-2936803
- https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182
- https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21
- https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://security.snyk.io/vuln/SNYK-JS-ETA-2936803
- https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182
- https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21
- https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.