Lucene search
HistoryJun 28, 2013 - 2:55 p.m.
CVE-2013-4660
cve-2013-4660
js-yaml module
node.js
remote code execution
crafted input
nvd
7.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.942 High
EPSS
Percentile
99.2%
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
Related
packetstorm
packetstorm
Nodejs js-yaml load() Code Execution
2013-09-25 00:00:00
osv
osv
Deserialization Code Execution in js-yaml
2017-10-24 18:33:37
github
github
Deserialization Code Execution in js-yaml
2017-10-24 18:33:37
prion
prion
Code injection
2013-06-28 14:55:00
checkpoint_advisories
checkpoint_advisories
Nodejs js-yaml load() Code Execution (CVE-2013-4660)
2013-12-22 00:00:00
nodejs
nodejs
Deserialization Code Execution
2015-10-17 19:41:46
zdt
zdt
Nodejs js-yaml load() Code Execution Vulnerability
2013-09-26 00:00:00
securityvulns
securityvulns
[oss-security] CVE request: various NodeJS module vulnerabilities
2014-05-15 00:00:00
7.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.942 High
EPSS
Percentile
99.2%
Related for CVE-2013-4660