PT-2024-26907 · Unknown · Javascript-Deobfuscator

Steakenthusiast

Published

2024-05-31

Updated

2024-06-04

CVE-2024-36120

CVSS v3.1

8.1

High

Vector

AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions javascript-deobfuscator versions prior to 1.1.0

Description The issue concerns crafted payloads that target expression simplification, potentially leading to code execution. This is related to the expression simplification feature. Users are advised to update to version 1.1.0 to resolve the issue. For users unable to upgrade, disabling the expression simplification feature is recommended as a temporary workaround.

Recommendations For versions prior to 1.1.0, update to version 1.1.0 to resolve the issue. For users unable to upgrade to version 1.1.0, disable the expression simplification feature as a temporary workaround.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-36120

GHSA-9P6P-8V9R-8C9M

Affected Products

Javascript-Deobfuscator

PT-2024-26907 · Unknown · Javascript-Deobfuscator

CVE-2024-36120

Weakness Enumeration

Related Identifiers

Affected Products

References · 10