Js-yaml Project : Security Vulnerabilities, CVEs,
CVE-2013-4660
Public exploit
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
Max CVSS
6.8
EPSS Score
94.21%
Published
2013-06-28
Updated
2013-07-01
1 vulnerabilities found