Lucene search
Veracode Vulnerability DatabaseVERACODE:3537HistoryFeb 09, 2017 - 11:56 p.m.
Remote Code Execution Via Deserialisation Of Untrusted Object
2017-02-0923:56:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
EPSS
0.04
Percentile
92.3%
node-serialize is vulnerable to remote code execution. The vulnerability exists when an untrusted user input is passed via Immediately Invoked Function Expression (IIFE) to unserialize() function which uses eval() internally for deserialization.
References
packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html
packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html
www.securityfocus.com/bid/96225
github.com/luin/serialize/issues/4
nodesecurity.io/advisories/311
opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
Related
cvelist
cvelist
CVE-2017-5941
2017-02-09 19:00:00
zdt
zdt
Node.JS - (node-serialize) Remote Code Execution Exploit (3)
2021-06-18 00:00:00
github
github
Code Execution through IIFE in node-serialize
2018-07-18 18:27:56
nodejs
nodejs
Code Execution through IIFE
2017-02-09 16:30:45
osv
osv
Code Execution through IIFE in node-serialize
2018-07-18 18:27:56
packetstorm
packetstorm
Node.JS Remote Code Execution
2021-02-10 00:00:00
Node.JS Remote Code Execution
2021-06-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Node.js Remote Code Execution (CVE-2017-5941)
2021-02-24 00:00:00
prion
prion
Code injection
2017-02-09 19:59:00
exploitdb
exploitdb
Node.JS - 'node-serialize' Remote Code Execution (2)
2021-02-10 00:00:00
Node.JS - 'node-serialize' Remote Code Execution
2017-02-08 00:00:00
Node.JS - 'node-serialize' Remote Code Execution (3)
2021-06-18 00:00:00
cve
cve
CVE-2017-5941
2017-02-09 19:59:00
nvd
nvd
CVE-2017-5941
2017-02-09 19:59:00