{"vulnerability": "CVE-2022-29078", "sightings": [{"uuid": "8ed0484e-006f-4c28-b635-1bb6d161aaef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "7df222e0-d7da-4f05-8af9-c2850d46494d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-16)", "content": "", "creation_timestamp": "2025-05-16T00:00:00.000000Z"}, {"uuid": "101db4e4-88d9-49c0-a1e6-9327a13678e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-28)", "content": "", "creation_timestamp": "2025-05-28T00:00:00.000000Z"}, {"uuid": "976f1907-c4ac-444a-bc14-911ed306de16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-03)", "content": "", "creation_timestamp": "2025-05-03T00:00:00.000000Z"}, {"uuid": "69129b76-28b9-482d-9067-a329c6241cbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-17)", "content": "", "creation_timestamp": "2025-05-17T00:00:00.000000Z"}, {"uuid": "8869070e-94d7-4471-8902-01d13fe23aae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8953", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aServerside Template Injection (SSTI) RCE - THM challenge \\\"whiterose\\\"    \nURL\uff1ahttps://github.com/l0n3m4n/CVE-2022-29078\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-05T06:17:58.000000Z"}, {"uuid": "3722cdfc-458b-4c71-9b90-2b1f36afa8e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/692", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aServerside Template Injection (SSTI) RCE - THM challenge \\\"whiterose\\\"    \nURL\uff1ahttps://github.com/l0n3m4n/CVE-2022-29078\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-11-05T20:57:54.000000Z"}, {"uuid": "e0f735f3-61ee-4e92-85dc-74a5c32278f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/378", "content": "CVE-2022-29078 : EJS - Server Side Template Injection (RCE)\nhttps://eslam.io/posts/ejs-server-side-template-injection-rce", "creation_timestamp": "2022-08-08T05:30:34.000000Z"}, {"uuid": "5801ec7b-052a-45b0-a44c-a9ad17077edf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "published-proof-of-concept", "source": "Telegram/BnM5S5zNNeaAgZhmsQ5GC58SGsVwUigmzA5S5tsXcbsUcw", "content": "", "creation_timestamp": "2022-07-19T12:12:47.000000Z"}, {"uuid": "40dbb2e8-ea48-4460-9d74-6585be0ddc88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/862", "content": "Updates On Hackbyte Forum:-\n\n\ud83d\udcccSmbpentest: Test Samba Servers which may have been configured improperly for anonymous access to vulnerable shares\n\n\ud83d\udcccLBOZO: A hybrid Windows Ransomware\n\n\ud83d\udcccHoaxshell: An unconventional Windows reverse shell, currently undetected by Microsoft Defender and other AV solutions, solely based on http(s) traffic\n\n\ud83d\udcccPing Castle Cloud\n\n\ud83d\udcccCoffeeLdr\n\n\ud83d\udcccZimbra #Exploit CVE-2022-30333\n\n\ud83d\udcccCVE-2022-24086 RCE POC\n\n\ud83d\udcccdata.gov.uk \u2013 UK Government Backups\n\n\ud83d\udccctelefonica Ecuador CRM Files Leaks\n\n\ud83d\udcccSvetlogorsk39.ru leak\n\n\ud83d\udcccrbcd-attack\n\n\ud83d\udcccRustyTokenManipulation\n\n\ud83d\udcccOralyzer - Open Redirection Analyzer\n\n\ud83d\udcccSalus \u2013 SBOM Tool\n\n\ud83d\udcccSliver GUI client.\n\n\ud83d\udcccCVE-2022-32119 - Arox-Unrestricted-File-Upload\n\n\ud83d\udcccNodeJS Ransomware\n\n\ud83d\udcccDirble - Fast directory scanning and scraping tool\n\n\ud83d\udcccWebView2-Cookie-Stealer\n\n\ud83d\udcccZombieThread - Another meterpreter injection technique using C# that attempts to bypass WD.\n\n\ud83d\udcccEvil Clippy\n\n\ud83d\udcccEvtx Log (xml) Browser\n\n\ud83d\udcccCVE-2022-30333\n\n\ud83d\udcccCVE-2022-23614: PoC for CVE-2022-23614 (Twig sort filter code execution/sandbox bypass)\n\n\ud83d\udcccCVE-2022-33891 - Apache Spark shell command injection\n\n\ud83d\udcccEJS, Server side template injection RCE (CVE-2022-29078)\n\n\ud83d\udcccBinary Ninja Commercial 3.1.3469 (2022-05-31)\n\n\ud83d\udccccitycollege.edu Health University Leak\n\n\ud83d\udcccFull HHIDE.ORG forum dump\n\n\ud83d\udcccdanish.my Leak\n\n\ud83d\udcccstripchat.com Leak\n\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffb Updates:- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-07-19T13:38:52.000000Z"}, {"uuid": "50c9375a-5bf3-4281-89ed-e205fd7eb050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "seen", "source": "https://t.me/cibsecurity/41385", "content": "\u203c CVE-2022-29078 \u203c\n\nThe ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T18:36:10.000000Z"}, {"uuid": "a3c9c668-5157-48bd-a336-77e53f86edc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6378", "content": "EJS, Server side template injection RCE (CVE-2022-29078) - writeup https://eslam.io/posts/ejs-server-side-template-injection-rce/", "creation_timestamp": "2022-07-19T10:13:43.000000Z"}, {"uuid": "613e5e70-5643-4067-a285-3cd5ea84d1d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29078", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6551", "content": "#exploit\n1. CVE-2022-1215:\nnday exploit - libinput format string bug, canary leak exploit\nhttps://blog.coffinsec.com/nday/2022/08/04/CVE-2022-1215-libinput-fmt-canary-leak.html\n\n2. CVE-2022-29078:\nEJS, Server side template injection RCE\nhttps://eslam.io/posts/ejs-server-side-template-injection-rce\n\n3. Liferay revisited...\nhttps://vsrc.vng.com.vn/blog/liferay-revisited-a-tale-of-20k", "creation_timestamp": "2022-08-07T13:56:01.000000Z"}]}