NVD

Id
40217  
Name
CVE-2013-4660  
Description
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-06-28  
Modified Date
2013-07-01  
Seq
2013-4660  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
204603 40217 CVE-2013-4660 http://portal.nodesecurity.io/advisories/js-yaml  View
204604 40217 CVE-2013-4660 https://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
21583 JVNDB-2013-003158 Node.js 用 JS-YAML モジュールにおける任意のコードを実行される脆弱性 Node.js 用 JS-YAML モジュールは、危険性のある !!js/function タグを適切に考慮せずに入力を解析するため、任意のコードを実行される脆弱性が存在します。 CVE-2013-4660 64602 CVE-2013-4660 40217 6.8 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-003158.html 2013-06-23 2013-07-02 View