8 matches found
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.3 Vulnerability Details CVEID:CVE-2013-4660 DESCRIPTION: The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute...
CVE-2013-4660
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...
@abstract-os/abstract.js (>=0.2.0-beta.6.2 <=0.2.0-beta.6.3), @acme-wct/rental-math (=0.0.1) +854 more potentially affected by CVE-2013-4660 via js-yaml (>=0.3.5 <=2.0.4)
js-yaml NPM version =0.3.5, =0.2.0-beta.6.2, =1.0.7, =0.0.1, =0.0.1, =1.0.0-rc2, =1.1.29, =0.0.1, =0.0.1, =0.1.0 - @anywhere-ui/angular =0.3.0 and more Source cves: CVE-2013-4660 Source advisory: OSV:GHSA-XXVW-45RP-3MJ2...
Nodejs js-yaml load() Code Exec
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
CVE-2013-4660
creationtimestamp| type| source ---|---|--- 2013-09-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/28655 2017-10-24 18:33:37+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-xxvw-45rp-3mj2 2018-05-29 15:50:33+00:00| seen|...
Nodejs js-yaml load() Code Execution
This module can be used to abuse node.js applications that parse user-supplied YAML input using the load function from the 'js-yaml' package 'Nodejs js-yaml load Code Execution', 'Description' = %q This module can be used to abuse node.js applications that parse user-supplied YAML input using the...
CVE-2013-4660
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...
CVE-2013-4660
CVE-2013-4660 affects the JS-YAML package for Node.js prior to 2.0.5. The vulnerability arises when parsing YAML input with the unsafe !!js/function tag, which can trigger an eval and allow remote code execution. IBM X-Force/other sources confirm a high-severity impact (code execution via crafted...