What is CVE-2023-29827?

CVE-2023-29827 is a vulnerability in N/a. Published 2023-05-04.

Is CVE-2023-29827 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-29827

ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor bec…

EPSS: 0.663 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

NketiahGodfred/EJS-ssti-exploit
momrulhasan/ejs-ssti-shell-spawner
wizarddos/Whiterose-THM-foothold

References

github.com/mde/ejs/issues/720
github.com/mde/ejs/blob/main/SECURITY.md

Frequently asked questions

What is CVE-2023-29827?: CVE-2023-29827 is a vulnerability in N/a. Published 2023-05-04.
Is CVE-2023-29827 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.