Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
nodejs 输入验证错误漏洞
Vulnerability Description
nodejs是是一个基于ChromeV8引擎的JavaScript运行环境通过对Chromev8引擎进行了封装以及使用事件驱动和非阻塞IO的应用让Javascript开发高性能的后台应用成为了可能。 nodejs 的JS-YAML模块2.0.5之前的版本中存在输入验证错误漏洞,该漏洞源于程序解析输入没有正确考虑不安全的!!js/function标签。远程攻击者可通过特制的字符串触发评估(eval)操作,利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A