PT-2017-10978 · Unknown · Typed-Function

Masato Kinugawa · Published 2017-11-27 · Updated 2020-09-02 · CVE-2017-1001004

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: typed-function versions prior to 0.10.6

Description: The issue allows arbitrary code execution in the JavaScript engine. It can occur when a typed function is created with JavaScript code in its name. The problem stems from improper sanitization of function names, which may enable an attacker to execute arbitrary code.

Recommendations: For versions prior to 0.10.6, upgrade to version 0.10.6 or later.

Fix

Code Injection

RCE

Weakness Enumeration

Related identifiers

CVE-2017-1001004
GHSA-3QH4-R86R-GRVM

Affected products

Typed-Function