Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:25545
HistoryJun 02, 2020 - 1:30 a.m.

Remote Code Execution (RCE)

2020-06-0201:30:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12

EPSS

0.01

Percentile

83.9%

JSON

serialize-javascript is vulnerable to remote code execution (RCE). The attack exists because the deleteFunctions within index.js does not sanitize the objects foo and bar and generates the value of internal UID `` using Math.random() function with insufficient entropy, allowing an attacker to brute force the possible values and inject malicious code.

Related

osv 2
redhatcve 1
cve 1
githubexploit 1
cvelist 1
prion 1
nvd 1
github 1
nessus 2
redhat 2
ibm 3
osv
osv
Insecure serialization leading to RCE in serialize-javascript
2020-08-11 17:21:13
CVE-2020-7660
2020-06-01 15:15:14
redhatcve
redhatcve
CVE-2020-7660
2020-06-04 20:21:56
cve
cve
CVE-2020-7660
2020-06-01 15:15:14
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Verizon Serialize-Javascript
2020-12-01 09:45:48
cvelist
cvelist
CVE-2020-7660
2020-06-01 14:50:55
prion
prion
Code injection
2020-06-01 15:15:00
nvd
nvd
CVE-2020-7660
2020-06-01 15:15:14
github
github
Insecure serialization leading to RCE in serialize-javascript
2020-08-11 17:21:13
nessus
nessus
RHEL 8 : Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana (RHSA-2020:2861)
2020-07-07 00:00:00
RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)
2020-07-01 00:00:00
redhat
redhat
(RHSA-2020:2861) Important: Red Hat OpenShift Service Mesh 1.0 servicemesh-grafana security update
2020-07-07 19:20:27
(RHSA-2020:2796) Important: Red Hat OpenShift Service Mesh servicemesh-grafana security update
2020-07-01 18:27:56
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System
2022-08-17 09:46:50
Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)
2022-03-28 16:33:43
Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities
2023-12-12 17:28:22

EPSS

0.01

Percentile

83.9%

JSON
Related for VERACODE:25545
osv2redhatcve1cve1githubexploit1cvelist1prion1nvd1github1nessus2redhat2ibm3