Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-7192: Code Injection in Node.js

CWE-94: Code Injection | 6 documents | 5 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 43.9% (top 2.46%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Dec 11
Latest update: Oct 24

Description

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: joyent/node.js 0.10.32

🔴 Vulnerability Details (4)

GHSA: Potential for Script Injection in syntax-error (2017-10-24)
OSV: Potential for Script Injection in syntax-error (2017-10-24)
CVEList: CVE-2014-7192: Eval injection vulnerability in index (2014-12-11)
OSV: CVE-2014-7192: Eval injection vulnerability in index (2014-12-11)

💥 Exploits & PoCs (1)

Exploit-DB: Node Browserify 4.2.0 - Remote Code Execution (2014-07-16)