← voltar
CVE-2024-36120

javascript-deobfuscator crafted payload can lead to code execution

CVSS 8.2 HIGHEPSS 0.3%CWE-94
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
ben-sb · javascript-deobfuscator

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6https://github.com/ben-sb/javascript-deobfuscator/security/advisories/GHSA-9p6p-8v9r-8c9m