{"vulnerability": "CVE-2022-25967", "sightings": [{"uuid": "4a0fafdf-72b6-480d-a976-1f86587fd028", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25967", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9195", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25967\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P)\n\ud83d\udd39 Description: Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API.**Note:** This is exploitable only for users who are rendering templates with user-defined data.\n\ud83d\udccf Published: 2023-01-30T05:00:01.228Z\n\ud83d\udccf Modified: 2025-03-27T20:15:37.734Z\n\ud83d\udd17 References:\n1. https://security.snyk.io/vuln/SNYK-JS-ETA-2936803\n2. https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/file-handlers.ts%23L182\n3. https://github.com/eta-dev/eta/blob/9c8e4263d3a559444a3881a85c1607bf344d0b28/src/compile-string.ts%23L21\n4. https://github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd", "creation_timestamp": "2025-03-27T20:27:12.000000Z"}, {"uuid": "a75f4bc4-2172-4e71-a33c-7bce46f2a4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25967", "type": "seen", "source": "https://t.me/cibsecurity/57143", "content": "\u203c CVE-2022-25967 \u203c\n\nVersions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T07:36:54.000000Z"}]}