CVSS: 6.8 • EPSS: 96% • CPEs: 20 • EXPL: 3

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.

• https://www.exploit-db.com/exploits/28655
• http://portal.nodesecurity.io/advisories/js-yaml
• https://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb

• CWE-20: Improper Input Validation