{"uuid": "a75f4bc4-2172-4e71-a33c-7bce46f2a4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25967", "type": "seen", "source": "https://t.me/cibsecurity/57143", "content": "\u203c CVE-2022-25967 \u203c\n\nVersions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T07:36:54.000000Z"}