Lucene search
K

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 4:10 p.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.3 Vulnerability Details CVEID:CVE-2013-4660 DESCRIPTION: The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute...

7.5CVSS10AI score0.99019EPSS
Exploits18Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 3:34 a.m.5 views

CVE-2013-4660

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

6.8CVSS7.8AI score0.17186EPSS
Exploits7References1
vulnersOsv
vulnersOsv
added 2017/10/24 6:33 p.m.5 views

@abstract-os/abstract.js (>=0.2.0-beta.6.2 <=0.2.0-beta.6.3), @acme-wct/rental-math (=0.0.1) +854 more potentially affected by CVE-2013-4660 via js-yaml (>=0.3.5 <=2.0.4)

js-yaml NPM version =0.3.5, =0.2.0-beta.6.2, =1.0.7, =0.0.1, =0.0.1, =1.0.0-rc2, =1.1.29, =0.0.1, =0.0.1, =0.1.0 - @anywhere-ui/angular =0.3.0 and more Source cves: CVE-2013-4660 Source advisory: OSV:GHSA-XXVW-45RP-3MJ2...

6.8CVSS6.6AI score0.17186EPSS
Exploits7
seebug.org
seebug.org
added 2013/10/09 12:0 a.m.23 views

Nodejs js-yaml load() Code Exec

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score0.17186EPSS
Exploits7
Circl
Circl
added 2013/09/30 12:0 a.m.12 views

CVE-2013-4660

creationtimestamp| type| source ---|---|--- 2013-09-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/28655 2017-10-24 18:33:37+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-xxvw-45rp-3mj2 2018-05-29 15:50:33+00:00| seen|...

6.8CVSS6.8AI score0.17186EPSS
Exploits7References5
Metasploit
Metasploit
added 2013/09/16 6:37 p.m.50 views

Nodejs js-yaml load() Code Execution

This module can be used to abuse node.js applications that parse user-supplied YAML input using the load function from the 'js-yaml' package 'Nodejs js-yaml load Code Execution', 'Description' = %q This module can be used to abuse node.js applications that parse user-supplied YAML input using the...

6.8CVSS7.1AI score0.17186EPSS
Exploits7
Cvelist
Cvelist
added 2013/06/28 2:0 p.m.35 views

CVE-2013-4660

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

7.5AI score0.17186EPSS
Exploits7References2
CVE
CVE
added 2013/06/28 2:0 p.m.165 views

CVE-2013-4660

CVE-2013-4660 affects the JS-YAML package for Node.js prior to 2.0.5. The vulnerability arises when parsing YAML input with the unsafe !!js/function tag, which can trigger an eval and allow remote code execution. IBM X-Force/other sources confirm a high-severity impact (code execution via crafted...

6.8CVSS7.6AI score0.17186EPSS
Exploits7References2Affected Software1
Rows per page
Query Builder