GHSA-9p6p-8v9r-8c9m

Опубликовано: 04 июн. 2024

Источник: github

Github: Прошло ревью

CVSS3: 8.1

Описание

javascript-deobfuscator crafted payload can lead to code execution

javascript-deobfuscator removes common JavaScript obfuscation techniques. Crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0.

Ссылки

Пакеты

Наименование

js-deobfuscator

npm

Затронутые версииВерсия исправления

< 1.1.0

1.1.0

EPSS

Процентиль: 52%

0.00292

Низкий

8.1 High

CVSS3

CVE ID

CVE-2024-36120

Дефекты

CWE-94

Связанные уязвимости

CVE-2024-36120

CVSS3: 8.1

nvd

больше 1 года назад

javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.

EPSS

Процентиль: 52%

0.00292

Низкий

8.1 High

CVSS3

CVE ID

CVE-2024-36120

Дефекты

CWE-94