RSS   Vulnerabilities for 'Js-yaml'   RSS

2013-06-28
 
CVE-2013-4660

CWE-20
 

 
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.

 


Copyright 2024, cxsecurity.com

 

Back to Top