CVE-2022-29078 PoC — Github ejs 代码注入漏洞

Source

https://github.com/seal-sec-demo-2/npm-demo

Associated Vulnerability

Title:Github ejs 代码注入漏洞 (CVE-2022-29078)
Description:Github ejs是嵌入式 JavaScript 模板。 ejs 3.1.6 版本存在代码注入漏洞，该漏洞源于 settings[view options][outputFunctionName] 中可以进行服务器端模板注入。这被解析为内部选项，并使用任意 OS 命令（在模板编译时执行）覆盖 outputFunctionName 选项。

Description

Browser demo: EJS template injection (CVE-2022-29078) with Seal Security remediation

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!