CVE-2013-4660

JS-YAML <2.0.5 - RCE

Title source: llm

Description

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalmultiple

https://www.exploit-db.com/exploits/28655

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Neal Poole, joev · rubypocnodejs

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://portal.nodesecurity.io/advisories/js-yaml

[Exploit, Vendor Advisory] https://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/

Scores

EPSS 0.6451

EPSS Percentile 98.4%

Classification

CWE

CWE-20

Status draft

Affected Products (21)

nodeca/js-yaml < 2.0.4

nodeca/js-yaml

... and 6 more

Timeline

Published Jun 28, 2013

Tracked Since Feb 18, 2026