• Nodejs js-yaml load() Code Execution
    Disclosure Date: 2013-06-28
    First seen: 2020-04-26
    exploit/multi/fileformat/nodejs_js_yaml_load_code_exec
    This module can be used to abuse node.js applications that parse user-supplied YAML input using the load() function from the 'js-yaml' package < 2.0.5, which doesn't properly handle the unsafe !!js/function tag, allowing to specify a self-executing function which results on execution of arbitrary javascript code. Authors: - Neal Poole - joev <joev@metasploit.com>
1 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!