CVE-2013-4660
28.06.2013, 14:55
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.Enginsight
| Vendor | Product | Version |
|---|---|---|
| nodeca | js-yaml | 𝑥 ≤ 2.0.4 |
| nodeca | js-yaml | 0.2.0 |
| nodeca | js-yaml | 0.2.1 |
| nodeca | js-yaml | 0.2.2 |
| nodeca | js-yaml | 0.3.0 |
| nodeca | js-yaml | 0.3.1 |
| nodeca | js-yaml | 0.3.2 |
| nodeca | js-yaml | 0.3.3 |
| nodeca | js-yaml | 0.3.4 |
| nodeca | js-yaml | 0.3.5 |
| nodeca | js-yaml | 0.3.6 |
| nodeca | js-yaml | 0.3.7 |
| nodeca | js-yaml | 1.0.0 |
| nodeca | js-yaml | 1.0.1 |
| nodeca | js-yaml | 1.0.2 |
| nodeca | js-yaml | 1.0.3 |
| nodeca | js-yaml | 2.0.0 |
| nodeca | js-yaml | 2.0.1 |
| nodeca | js-yaml | 2.0.2 |
| nodeca | js-yaml | 2.0.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration