Js-Yaml Project: >> Js-Yaml Security Vulnerabilities
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
CVSS Score
6.8
EPSS Score
0.656
Published
2013-06-28