CVE-2017-1000189: Input Validation

Q: What is CVE-2017-1000189?

CVE-2017-1000189 is a vulnerability in nodejs ejs version older than 2.5.5, which allows for a denial-of-service attack due to weak input validation in the ejs.renderFile() function.

Q: What is the severity of CVE-2017-1000189?

The severity of CVE-2017-1000189 is high, with a severity score of 7.5.

Q: How do I fix CVE-2017-1000189?

To fix CVE-2017-1000189, update your nodejs ejs package to version 2.5.5 or newer.

Q: Where can I find more information about CVE-2017-1000189?

You can find more information about CVE-2017-1000189 on the NVD (National Vulnerability Database) website and the GitHub advisory page.

Q: What is CWE-20?

CWE-20 is a common weakness enumeration category that refers to input validation vulnerabilities.

Published Nov 17, 2017

Updated

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in ejs.renderFile()

Other sources

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()

Affected Software

2 affected componentsFixes available

npm/ejs<2.5.5

2.5.5

ejs ejs<2.5.5

Remediation

Patch Available

https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f

Event History

Nov 17, 2017

CVE Published

via MITRE·03:00 AM

Data Sourced

via MITRE·03:00 AM

Description

Mar 5, 2018

Advisory Published

06:54 PM

Frequently Asked Questions

What is CVE-2017-1000189?

CVE-2017-1000189 is a vulnerability in nodejs ejs version older than 2.5.5, which allows for a denial-of-service attack due to weak input validation in the ejs.renderFile() function.

What is the severity of CVE-2017-1000189?

The severity of CVE-2017-1000189 is high, with a severity score of 7.5.

How do I fix CVE-2017-1000189?