Описание
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
Ссылки
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.4 (включая)
Одно из
cpe:2.3:a:js-yaml_project:js-yaml:*:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:js-yaml_project:js-yaml:2.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.65611
Средний
6.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
EPSS
Процентиль: 98%
0.65611
Средний
6.8 Medium
CVSS2
Дефекты
CWE-20