Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package eta, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2023-23630 — CVSS 8.6 (high): Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is…
CVE-2022-25967 — CVSS 8.1 (high): Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration…