|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-04-16 | |
| Rule Name: | Node.JS -node-serialize Remote Code Execution Vulnerability (CVE-2017-5941) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:96225 http://packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html https://nodesecurity.io/advisories/311 https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/ |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://nodejs.org/ |