CVE-2017-1000188
Cross-site-scripting vulnerability in ejs (npm)

Tags: Cross-site scripting · No known exploit · Fixable by Resolved Security

What is CVE-2017-1000188 About?

This is a cross-site scripting (XSS) vulnerability in the `ejs.renderFile()` function of the Node.js `ejs` templating engine. Because certain output is not escaped, crafted template content can inject script into the rendered HTML, and successful exploitation results in arbitrary script execution in the victim's browser. The exploitation risk is rated medium-to-easy.

Affected Software

ejs <2.5.5

Technical Details

The vulnerability affects ejs versions older than 2.5.5 and is located in the `ejs.renderFile()` function. When this function renders a template, it does not adequately escape certain outputs, so variables or template constructs can introduce HTML or script tags into the result unescaped. An attacker who can supply a malicious template, or data that is incorporated into one, can therefore cause `ejs.renderFile()` to emit arbitrary client-side script into the generated HTML, which the victim's browser then executes.

What is the Impact of CVE-2017-1000188?

Successful exploitation may allow attackers to execute arbitrary client-side scripts, deface web pages, steal sensitive user data, or hijack user sessions.

What is the Exploitability of CVE-2017-1000188?

Exploitation requires an attacker to control the content passed to `ejs.renderFile()`, either by supplying a malicious template file or by crafting input that is incorporated into the template. This is a client-side vulnerability: the injected script runs in the victim's browser. No prior authentication is required where the application lets unauthenticated users influence template rendering. The attacker needs to understand how ejs processes templates to inject code effectively, so the complexity is medium and depends on how easily the input to `ejs.renderFile()` can be manipulated. Applications that dynamically generate or process templates from untrusted user input are at higher risk.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2017-1000188?

A Fix by Resolved Security Exists!
See how we help you strengthen security with automated backported fixes for your libraries.

About the Fix from Resolved Security

None

Available Upgrade Options

  • ejs
    • <2.5.5 → Upgrade to 2.5.5
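A defender-side check for the affected range above, written as an added example (not the advisory's or the ejs project's code): it parses version strings, applies the `< 2.5.5` boundary, and scans a constructed package-lock.json `packages` map to flag every copy of ejs, nested ones included, that is still affected.

```javascript
// Added example (not from the advisory or the ejs project): flag ejs installs
// inside the affected range for CVE-2017-1000188 (ejs < 2.5.5). The lockfile
// below is a constructed sample in npm lockfileVersion 2/3 layout.
const FIXED_VERSION = '2.5.5'; // first release outside the affected range

// Parse "MAJOR.MINOR.PATCH[-prerelease]" (optional leading "v").
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Negative if a < b, 0 if equal, positive if a > b. A pre-release sorts below its
// release (2.5.5-beta.1 < 2.5.5); tags compare lexically (simplified semver).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// Affected range from the advisory: every ejs release before 2.5.5.
function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}
// Scan the "packages" map of a package-lock.json (keyed by install path) and
// return every ejs copy, nested ones included, that is still affected.
function findAffectedEjs(lockfile) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (/(^|\/)node_modules\/ejs$/.test(path) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}
const SAMPLE_LOCK = { // constructed sample, not a real project lockfile
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/ejs': { version: '2.5.2' },                       // affected
    'node_modules/express': { version: '4.16.0' },
    'node_modules/some-lib/node_modules/ejs': { version: '2.5.5' }, // fixed
  },
};
console.log(findAffectedEjs(SAMPLE_LOCK)); // [{ path: 'node_modules/ejs', version: '2.5.2' }]
```

Point `findAffectedEjs` at `JSON.parse(fs.readFileSync('package-lock.json'))` to run it against a real project; lockfileVersion 1 files use a nested `dependencies` tree instead and are not handled here.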


Additional Resources

What are Similar Vulnerabilities to CVE-2017-1000188?

Similar vulnerabilities: CVE-2017-1000427, CVE-2019-1000007, CVE-2018-1000010, CVE-2016-10738, CVE-2017-15091