CVE-2024-33883 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
mitre	CNA	---				---
CISA-ADP	ADP	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 66%

Debian Releases

Debian Product

Codename

node-ejs

bullseye	no-dsa
bookworm	no-dsa
buster	postponed
sid	3.1.10+~3.1.5-2 fixed
trixie	3.1.10+~3.1.5-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

node-ejs

plucky	not-affected
oracular	not-affected
noble	needed
mantic	ignored
jammy	needed
focal	needed
bionic	needed

Common Weakness Enumeration

CWE-693 - Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5

https://github.com/mde/ejs/compare/v3.1.9...v3.1.10

https://security.netapp.com/advisory/ntap-20240605-0003/

https://github.com/mde/ejs/commit/e469741dca7df2eb400199e1cdb74621e3f89aa5

https://github.com/mde/ejs/compare/v3.1.9...v3.1.10

https://security.netapp.com/advisory/ntap-20240605-0003/