Remote Code Execution Vulnerability in JS-YAML Module for Node.js

Remote Code Execution Vulnerability in JS-YAML Module for Node.js

CVE-2013-4660 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.

Learn more about our Web Application Penetration Testing UK.