CVE-2017-1000228

Name of the Vulnerable Software and Affected Versions ejs versions prior to 2.5.3

Description The issue is related to weak input validation in the ejs.renderFile() function, which can lead to remote code execution.

Recommendations For versions prior to 2.5.3, update to version 2.5.3 or later to resolve the issue. As a temporary workaround, consider disabling the ejs.renderFile() function until a patch is available. Restrict access to sensitive data and validate all user input to minimize the risk of exploitation.