### [CVE-2023-29827](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29827)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

** DISPUTED ** ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.

### POC

#### Reference
- https://github.com/mde/ejs/issues/720

#### Github
No PoCs found on GitHub currently.