CVE-2024-36120— javascript-deobfuscator crafted payload can lead to code execution

javascript-deobfuscator crafted payload can lead to code execution

javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

对生成代码的控制不恰当(代码注入)

JavaScript deobfuscator 安全漏洞

JavaScript deobfuscator是Ben个人开发者的一个简单但功能强大的反混淆器。 JavaScript deobfuscator 1.1.0之前版本存在安全漏洞，该漏洞源于针对表达式简化的精心设计的有效载荷可能会导致代码执行。

N/A

N/A