5 matches found
astronomia (>=1.3.1 <=1.3.2) potentially affected by CVE-2017-5954 via serialize-to-js (=0.5.0)
serialize-to-js NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on serialize-to-js and may be impacted: - astronomia =1.3.1, =1.3.2 Source cves: CVE-2017-5954 Source advisory: OSV:GHSA-MM62-WXC8-CF7M...
CVE-2017-5954
creationtimestamp| type| source ---|---|--- 2018-07-18 18:27:41+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-mm62-wxc8-cf7m...
CVE-2017-5954
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression IIFE...
CVE-2017-5954
An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression IIFE...
CVE-2017-5954
The CVE-2017-5954 entry concerns the Node.js package serialize-to-js (v0.5.0). An attacker can inject untrusted data into deserialize() to achieve arbitrary code execution via a JavaScript Object containing an IIFE. Documented references (OSV GHSA and npm advisories) confirm a remote code executi...