CVE-2017-5941
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Affected products
n/a · n/a
Public PoCs found: 11
github: github.com/uartu0/nodejshell (★ 2)
github: github.com/kylew1004/cve-2017-5941-poc-docker-lab (★ 0)
github: github.com/f41k0n/RCE-NodeJs (★ 0)
github: github.com/Frivolous-scholar/CVE-2017-5941-NodeJS-RCE (★ 0)
github: github.com/turnernator1/Node.js-CVE-2017-5941 (★ 0)
github: github.com/Cr4zyD14m0nd137/Lab-for-cve-2018-15133 (★ 0)
exploitdb: www.exploit-db.com/exploits/50036 (unverified)
cve_reference: packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html (unverified)
exploitdb: www.exploit-db.com/exploits/45265 (unverified)
exploitdb: www.exploit-db.com/exploits/49552 (unverified)
cve_reference: packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html
http://packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html
https://nodesecurity.io/advisories/311
https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
http://www.securityfocus.com/bid/96225