CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API.

**Note:** This is exploitable only for users who are rendering templates with user-defined data.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
snykCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
eta.jseta
𝑥
< 2.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21
https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182
https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd
https://security.snyk.io/vuln/SNYK-JS-ETA-2936803
https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21
https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182
https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd
https://security.snyk.io/vuln/SNYK-JS-ETA-2936803
https://security.snyk.io/vuln/SNYK-JS-ETA-2936803