Every CVE whose affected-product data names Eta.js Eta, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2023-23630 — CVSS 8.6 (high): Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is…
CVE-2022-25967 — CVSS 8.1 (high): Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration…