CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21	Broken Link
https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182	Broken Link
https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd	Patch Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-ETA-2936803	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eta.js:eta:*:*:*:*:*:node.js:*:*

History

07 Nov 2023, 03:44

Type	Values Removed	Values Added
Summary	Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data.	Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data.

Information

Published : 2023-01-30 05:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-25967

Mitre link : CVE-2022-25967

CVE.ORG link : CVE-2022-25967

JSON object : View

Products Affected

eta.js

eta

CWE

NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2022-25967", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2023-01-30T05:15:10.177", "references": [{"url": "https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21", "tags": ["Broken Link"], "source": "report@snyk.io"}, {"url": "https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182", "tags": ["Broken Link"], "source": "report@snyk.io"}, {"url": "https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd", "tags": ["Patch", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-ETA-2936803", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API.\r\r**Note:** This is exploitable only for users who are rendering templates with user-defined data.\r\r"}], "lastModified": "2023-11-07T03:44:53.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eta.js:eta:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "1E6958D1-1731-4523-BE7B-F4BBED80549B", "versionEndExcluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}