Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| eta(npm) | 0 | 2.0.0 | N/A |
CVSS Metrics
