1 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). Yank Note (YN) 3.52.1 permite la ejecución de código arbitrario cuando se abre un archivo manipulado, por ejemplo: "via nodeRequire('child_process')". Yank Note version 3.52.1 suffers from an arbitrary code execution vulnerability. • https://www.exploit-db.com/exploits/51470 http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html • CWE-732: Incorrect Permission Assignment for Critical Resource •