This security bulletin contains one high risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when parsing data passed to "settings[view options][outputFunctionName]". A remote attacker can send a specially crafted request to the application, perform server-side template injection and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versions
EJS: 3.0.1 - 3.1.6
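The following is an added example, not code from this bulletin or from the EJS project. It checks an installed version against the range above, flags requests whose parameter names address the nested key named in the description, and builds template data from an allow-list. It assumes the application forwards request parameters into the data object given to the renderer; all function names and the sample URLs are constructed for illustration.

```javascript
// Added example; every function and constant name here is hypothetical.
const FIRST_BAD = [3, 0, 1], LAST_BAD = [3, 1, 6]; // range stated in the bulletin

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when an installed EJS version string falls inside the affected range.
function isAffectedVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error('unparseable version: ' + version);
  const v = m.slice(1, 4).map(Number);
  return cmp(v, FIRST_BAD) >= 0 && cmp(v, LAST_BAD) <= 0;
}

// Returns the decoded query parameter names that address
// settings[...][outputFunctionName] in bracket notation.
function flagRequest(url) {
  const q = url.indexOf('?');
  const hits = [];
  if (q === -1) return hits;
  for (const name of new URLSearchParams(url.slice(q + 1)).keys()) {
    const path = name.replace(/\]/g, '').split('[');
    if (path[0] === 'settings' && path.includes('outputFunctionName')) hits.push(name);
  }
  return hits;
}

// Copies only allow-listed scalar fields into a prototype-less object, so a
// request-supplied "settings" object never reaches the template renderer.
function safeLocals(input, allowed) {
  const out = Object.create(null);
  for (const key of allowed) {
    if (key === 'settings' || !Object.prototype.hasOwnProperty.call(input, key)) continue;
    if (['string', 'number', 'boolean'].includes(typeof input[key])) out[key] = input[key];
  }
  return out;
}

// Constructed sample requests (parameter value is a harmless placeholder).
const SAMPLE_URLS = [
  '/page?id=2&name=guest',
  '/page?id=2&settings%5Bview%20options%5D%5BoutputFunctionName%5D=x',
  '/page?settings[view+options][outputFunctionName]=x',
];
for (const u of SAMPLE_URLS) console.log(u, flagRequest(u));
```

The request check is a log-review and alerting aid only; installing the vendor update remains the fix.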
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?