Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2018/07/18 6:27 p.m.7 views

astronomia (>=1.3.1 <=1.3.2) potentially affected by CVE-2017-5954 via serialize-to-js (=0.5.0)

serialize-to-js NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on serialize-to-js and may be impacted: - astronomia =1.3.1, =1.3.2 Source cves: CVE-2017-5954 Source advisory: OSV:GHSA-MM62-WXC8-CF7M...

9.8CVSS7.2AI score0.04464EPSS
Exploits1
Circl
Circl
added 2018/07/18 6:27 p.m.8 views

CVE-2017-5954

creationtimestamp| type| source ---|---|--- 2018-07-18 18:27:41+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-mm62-wxc8-cf7m...

9.8CVSS7.3AI score0.04464EPSS
Exploits1References1
OSV
OSV
added 2017/02/10 7:59 a.m.20 views

CVE-2017-5954

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression IIFE...

9.8CVSS7.5AI score
Exploits0References3
Cvelist
Cvelist
added 2017/02/10 6:51 a.m.26 views

CVE-2017-5954

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression IIFE...

9.7AI score0.04464EPSS
Exploits1References3
CVE
CVE
added 2017/02/10 6:51 a.m.79 views

CVE-2017-5954

The CVE-2017-5954 entry concerns the Node.js package serialize-to-js (v0.5.0). An attacker can inject untrusted data into deserialize() to achieve arbitrary code execution via a JavaScript Object containing an IIFE. Documented references (OSV GHSA and npm advisories) confirm a remote code executi...

9.8CVSS9.6AI score0.04464EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder