PT-2017-10978 · Unknown · Typed-Function

Masato Kinugawa · Published 2017-11-27 · Updated 2020-09-02 · CVE-2017-1001004

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

typed-function versions prior to 0.10.6

Description

The issue allows arbitrary code execution in the JavaScript engine. It can occur when a typed function is created with JavaScript code in its name. The problem stems from improper sanitization of function names, which may enable an attacker to execute arbitrary code.

Recommendations

For versions prior to 0.10.6, upgrade to version 0.10.6 or later.

Fix

Code Injection

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-1001004
GHSA-3QH4-R86R-GRVM

Affected Products

Typed-Function