Js-yaml Project » Js-yaml : Security Vulnerabilities, CVEs, (Code Execution)
CVE-2013-4660
Public exploit
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
Max CVSS
6.8
EPSS Score
93.32%
Published
2013-06-28
Updated
2013-07-01
1 vulnerabilities found