CVE-2017-5941
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Affected products
n/a · n/a
Public PoCs found: 11
github · github.com/uartu0/nodejshell · ★ 2
github · github.com/kylew1004/cve-2017-5941-poc-docker-lab · ★ 0
github · github.com/f41k0n/RCE-NodeJs · ★ 0
github · github.com/Frivolous-scholar/CVE-2017-5941-NodeJS-RCE · ★ 0
github · github.com/turnernator1/Node.js-CVE-2017-5941 · ★ 0
github · github.com/Cr4zyD14m0nd137/Lab-for-cve-2018-15133 · ★ 0
exploitdb · www.exploit-db.com/exploits/50036 · unverified
cve_reference · packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/45265 · unverified
exploitdb · www.exploit-db.com/exploits/49552 · unverified
cve_reference · packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html
http://packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html
https://nodesecurity.io/advisories/311
https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
http://www.securityfocus.com/bid/96225