ejs-compiled-loader

Critical security vulnerability

Open kdv24 opened this issue 3 years ago • 0 comments

I'm seeing a security vulnerability based on the version of this package's ejs dependency. It looks like ejs solved that in version 3.1.7. I tried updating ejs-compiled-loader to use 3.1.8 (the latest ejs), and did not run into problems the way I use it. Is this an update you can do please?

$ npm audit
# npm audit report

ejs  <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
  ejs-compiled-loader  *
  Depends on vulnerable versions of ejs
  node_modules/ejs-compiled-loader

kdv24 Jun 01 '22 17:06
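The audit finding above can be checked directly against a lockfile. The following is an added example, not code from the issue or from the ejs-compiled-loader project: it scans the `packages` map of a parsed `package-lock.json` (lockfileVersion 2/3) for installed copies of ejs below 3.1.7 and lists which packages declare ejs as a dependency. The function names, the lockfile excerpt and all versions and ranges in it are constructed for illustration.

```javascript
// Added example, not from the issue or the ejs-compiled-loader project.
const FIXED_EJS = "3.1.7"; // fixed release named in the issue

// Compare plain x.y.z versions (pre-release suffix ignored): <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Scan the "packages" map of a parsed package-lock.json (lockfileVersion 2/3).
// Returns every installed ejs below the fixed release and every package that
// declares ejs as a dependency, with the range it asks for.
function auditEjs(lock, fixed = FIXED_EJS) {
  const vulnerable = [];
  const requiredBy = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/ejs") && compareVersions(meta.version, fixed) < 0) {
      vulnerable.push({ path, version: meta.version });
    }
    const range = (meta.dependencies || {}).ejs;
    if (range !== undefined) {
      const name = path === "" ? "(root project)" : path.split("node_modules/").pop();
      requiredBy.push({ name, range });
    }
  }
  return { vulnerable, requiredBy };
}

// Constructed lockfile excerpt; versions and ranges are sample values only.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "ejs-compiled-loader": "*" } },
    "node_modules/ejs": { version: "2.7.4" },
    "node_modules/ejs-compiled-loader": { version: "0.0.0-sample", dependencies: { ejs: "^2.0.0" } },
    "node_modules/other-tool": { version: "1.0.0", dependencies: { ejs: "^3.1.8" } },
    "node_modules/other-tool/node_modules/ejs": { version: "3.1.8" },
  },
};

console.log(JSON.stringify(auditEjs(sampleLock), null, 2));
```

To run it against a real project, pass the parsed contents of its `package-lock.json` to `auditEjs` in place of `sampleLock`.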