CVE-2024-33883:
ejs lacks certain pollution protection

CVSS Score (v3.1): 4

Basic Information

EPSS Score: 0.78524%
Published: 4/28/2024
Updated: 8/2/2024
KEV Status: No
Technology: JavaScript

Technical Details

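CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|--------------|-----------|---------------------|-----------------------|
| ejs          | npm       | < 3.1.10            | 3.1.10                |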

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from how options were handled in the Template constructor before the patch. The patch commit introduced utils.hasOwnOnlyObject() to filter out prototype properties, replacing the vulnerable pattern. The pre-patch code in lib/ejs.js, lines 506-510, used the input 'opts' directly without checking for own properties, making it susceptible to prototype pollution via malicious option objects. The CWE-1321 (Prototype Pollution) mapping confirms that this pattern matches prototype pollution vectors.
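
The pattern described above, as an added illustration that is not ejs source code and not part of the original page: a simplified constructor-style options reader that trusts inherited keys, next to one that first takes an own-properties-only copy. The function names, the option keys used and the sample input are assumptions constructed for this example.

```javascript
// Simplified model, not ejs source: a reader that uses the options object
// directly picks up inherited keys; an own-only copy prevents that.

// Pre-patch style: uses whatever the property lookup returns, own or inherited.
function readOptionsDirect(opts) {
  opts = opts || {};
  return { delimiter: opts.delimiter || '%', debug: !!opts.debug };
}

// Hypothetical helper in the spirit of the fix: copy own enumerable
// properties onto a null-prototype object, so later reads cannot fall
// through to anything on a prototype chain.
function ownOnlyCopy(obj) {
  const out = Object.create(null);
  for (const key of Object.keys(obj || {})) {
    out[key] = obj[key];
  }
  return out;
}

// Patched style: filter first, then read.
function readOptionsHardened(opts) {
  return readOptionsDirect(ownOnlyCopy(opts));
}

// Constructed input: `debug` lives on the prototype chain, not on the object.
// A local prototype stands in for a polluted Object.prototype so the
// runtime's global state is left untouched.
function makeSampleOptions() {
  const taintedProto = { debug: true };
  const opts = Object.create(taintedProto);
  opts.delimiter = '?';
  return opts;
}

function demo() {
  const opts = makeSampleOptions();
  return {
    direct: readOptionsDirect(opts),     // inherited key is honoured
    hardened: readOptionsHardened(opts), // inherited key is dropped
  };
}

console.log(JSON.stringify(demo()));
```

The same own-property filter is what to look for when reviewing other code that accepts caller-supplied option objects.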
