Lucene search
MitreCVELIST:CVE-2017-5941HistoryFeb 09, 2017 - 7:00 p.m.
CVE-2017-5941
2017-02-0919:00:00
mitre
www.cve.org
5
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
References
packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html
packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html
www.securityfocus.com/bid/96225
nodesecurity.io/advisories/311
opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
Related
zdt
zdt
Node.JS - (node-serialize) Remote Code Execution Exploit (3)
2021-06-18 00:00:00
github
github
Code Execution through IIFE in node-serialize
2018-07-18 18:27:56
nodejs
nodejs
Code Execution through IIFE
2017-02-09 16:30:45
osv
osv
Code Execution through IIFE in node-serialize
2018-07-18 18:27:56
packetstorm
packetstorm
Node.JS Remote Code Execution
2021-02-10 00:00:00
Node.JS Remote Code Execution
2021-06-18 00:00:00
veracode
veracode
Remote Code Execution Via Deserialisation Of Untrusted Object
2017-02-09 23:56:02
checkpoint_advisories
checkpoint_advisories
Node.js Remote Code Execution (CVE-2017-5941)
2021-02-24 00:00:00
prion
prion
Code injection
2017-02-09 19:59:00
exploitdb
exploitdb
Node.JS - 'node-serialize' Remote Code Execution (2)
2021-02-10 00:00:00
Node.JS - 'node-serialize' Remote Code Execution
2017-02-08 00:00:00
Node.JS - 'node-serialize' Remote Code Execution (3)
2021-06-18 00:00:00
cve
cve
CVE-2017-5941
2017-02-09 19:59:00
nvd
nvd
CVE-2017-5941
2017-02-09 19:59:00