|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-11-09 | |
| Rule Name: | Node.JS -node-serialize Remote Code Execution Vulnerability (CVE-2017-5941) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | SecurityFocusBID:96225 http://packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html http://packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html https://nodesecurity.io/advisories/311 |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://nodejs.org/ |