CVE-2017-1000228: ejs is vulnerable to remote code execution due to weak input validation

CVSS Score
9.8 (CVSS version 3.0)

Basic Information

EPSS Score
0.91115%
Published
11/30/2017
Updated
9/8/2023
KEV Status
No
Technology
JavaScript

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name
ejs
Ecosystem
npm
Vulnerable Versions
< 2.5.3
First Patched Version
2.5.5

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from unsafe merging of user-provided data with template options. Analysis of the patches shows:

  1. render() and renderFile() both used the vulnerable cpOptsInData function.
  2. Before the blacklist was introduced, cpOptsInData did not validate dangerous options such as 'root'.
  3. The commits explicitly modify option handling in these functions.
  4. An exploit would show these functions processing attacker-controlled options.
  5. The CVE description specifically implicates renderFile() as the entry point.

The internal cpOptsInData function is included because it appears in the execution flow when options are processed from user input.
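The data-into-options merge described in the analysis above, modelled beside a caller-side hardening step. This is an added example, not ejs source and not part of the original advisory; the option list other than 'root', the helper names and the sample paths are assumptions.

```javascript
// Simplified model of the merge pattern described above; NOT the ejs source.
// OPTION_NAMES is an assumed, illustrative list; only 'root' is named on the page.
const OPTION_NAMES = ['root', 'filename', 'cache', 'delimiter'];

// "Before": any option name present in the data object is copied into the
// options object, so whoever controls the data also controls the options.
function mergeOptsFromDataUnsafe(data, opts) {
  for (const name of OPTION_NAMES) {
    if (data[name] !== undefined) opts[name] = data[name];
  }
  return opts;
}

// Caller-side hardening: separate untrusted input into template locals and
// rejected option-named keys, so nothing in it can be read as an option.
function splitUntrustedData(untrusted) {
  const locals = Object.create(null);
  const rejected = [];
  for (const [key, value] of Object.entries(untrusted)) {
    if (OPTION_NAMES.includes(key)) rejected.push(key); // log or alert on these
    else locals[key] = value;
  }
  return { locals, rejected };
}

// Options come only from server configuration, never from the request.
function buildRenderArgs(untrusted, trustedOpts) {
  const { locals, rejected } = splitUntrustedData(untrusted);
  return { locals, opts: Object.freeze({ ...trustedOpts }), rejected };
}

// Constructed sample input: a parsed request body carrying an option-named key.
const sampleBody = { title: 'Hello', root: '/constructed/example/path' };
const trustedOpts = { root: '/srv/app/views', cache: true }; // hypothetical config

function demo() {
  const unsafe = mergeOptsFromDataUnsafe(sampleBody, { ...trustedOpts });
  const safe = buildRenderArgs(sampleBody, trustedOpts);
  return {
    unsafeRoot: unsafe.root,
    safeRoot: safe.opts.root,
    rejected: safe.rejected,
    localKeys: Object.keys(safe.locals),
  };
}

console.log(demo());
```

Upgrading to the first patched version listed above remains the primary fix; the wrapper only keeps request data out of the options path.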
