{"id":"UBUNTU-CVE-2017-1000189","details":"nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()","modified":"2025-07-16T08:20:12.952883Z","published":"2017-11-17T03:29:00Z","withdrawn":"2025-07-18T16:44:20Z","upstream":["CVE-2017-1000189"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-1000189"},{"type":"REPORT","url":"https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-1000189"}],"affected":[{"package":{"name":"node-ejs","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/node-ejs@2.5.7-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5.7-1"}]}],"versions":["2.5.2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"node-ejs","binary_version":"2.5.7-1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000189.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}