Metasploit modules that can be used to exploit Js-yaml Project » Js-yaml
-
Nodejs js-yaml load() Code Execution
Disclosure Date: 2013-06-28First seen: 2020-04-26exploit/multi/fileformat/nodejs_js_yaml_load_code_execThis module can be used to abuse node.js applications that parse user-supplied YAML input using the load() function from the 'js-yaml' package < 2.0.5, which doesn't properly handle the unsafe !!js/function tag, allowing to specify a self-executing function which results on execution of arbitrary javascript code. Authors: - Neal Poole - joev <joev@metasploit.com>
1 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details