CVE-2014-7192

Sažetak

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21690815
https://exchange.xforce.ibmcloud.com/vulnerabilities/96728
https://github.com/substack/node-syntax-error/commit/9aa4e66eb90ec595d2dba55e6f9c2dd9a668b309
https://nodesecurity.io/advisories/syntax-error-potential-script-injection

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

11-12-2014 - 11:59