Sonicwall Signatures
Go to
All Categories
list.
Node.js JS-YAML Remote Code Execution
Category:
BAD-FILES
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660
© SonicWall 2020 |
Privacy Policy
|
Conditions for use
Version: 10.0
