MidnightBSD

Advisories for js-yaml_project

CVE-2013-4660 MEDIUM

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
js-yaml_project js-yaml 0.2.0
js-yaml_project js-yaml 1.0.2
js-yaml_project js-yaml 0.3.7
js-yaml_project js-yaml 0.3.1
js-yaml_project js-yaml 2.0.1
js-yaml_project js-yaml 2.0.3
js-yaml_project js-yaml 0.3.5
js-yaml_project js-yaml *
js-yaml_project js-yaml 0.3.4
js-yaml_project js-yaml 1.0.0
js-yaml_project js-yaml 2.0.0
js-yaml_project js-yaml 2.0.2
js-yaml_project js-yaml 1.0.1
js-yaml_project js-yaml 0.2.1
js-yaml_project js-yaml 0.3.2
js-yaml_project js-yaml 1.0.3
js-yaml_project js-yaml 0.3.3
js-yaml_project js-yaml 0.2.2
js-yaml_project js-yaml 0.3.0
js-yaml_project js-yaml 0.3.6