CVEs-PoC/2017/CVE-2017-5954.md at 41660f82847d502ecceebeb0ed4ece4eac525b52

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 22:35:37 +02:00

Files

T

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ossf-cve-benchmark/CVE-2017-5954

770 B Raw Blame History

CVE-2017-5954

Description

POC

Reference

Github

770 B

Raw Blame History