📂 Vulnerable Library - node-serialize-0.0.4.tgz
Serialize a object including it's function into a JSON.
Library home page: https://registry.npmjs.org/node-serialize/-/node-serialize-0.0.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-serialize/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-5941 | 🟣 Critical | 9.3 | Not Defined | 77.9% | node-serialize-0.0.4.tgz | Direct | N/A | ❌ | Reachable |
Details
🟣CVE-2017-5941
Dependency Hierarchy:
- ❌ node-serialize-0.0.4.tgz (Vulnerable Library)
Reachability Analysis
This vulnerability is potentially reachable:
- dvna-0.0.1/core/appHandler.js (Application)
-> ❌ node-serialize-0.0.4/lib/serialize.js (Vulnerable Component)
Vulnerability Details
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Publish Date: Feb 09, 2017 07:00 PM
URL: CVE-2017-5941
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 77.9%
Score: 9.3
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution: