FKIE_CVE-2017-1001004

Vulnerability from fkie_nvd - Published: 2017-11-27 14:29 - Updated: 2025-04-20 01:37
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
References
46fe6300-5254-4a98-9594-a9567bec8179https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106
46fe6300-5254-4a98-9594-a9567bec8179https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
af854a3a-2127-422b-91ae-364da2661108https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106
af854a3a-2127-422b-91ae-364da2661108https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
Impacted products
Vendor Product Version
typed_function_project typed_function *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typed_function_project:typed_function:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE759593-BF10-4875-8C88-AD101A08C6E5",
              "versionEndExcluding": "0.10.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution."
    },
    {
      "lang": "es",
      "value": "Las versiones anteriores a la 0.10.6 de typed-function ten\u00edan una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en el motor de JavaScript La creaci\u00f3n de una funci\u00f3n escrita con c\u00f3digo JavaScript en el nombre podr\u00eda resultar en la ejecuci\u00f3n arbitraria."
    }
  ],
  "id": "CVE-2017-1001004",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-27T14:29:00.333",
  "references": [
    {
      "source": "46fe6300-5254-4a98-9594-a9567bec8179",
      "url": "https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106"
    },
    {
      "source": "46fe6300-5254-4a98-9594-a9567bec8179",
      "url": "https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/josdejong/typed-function/blob/master/HISTORY.md#2017-11-18-version-0106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe"
    }
  ],
  "sourceIdentifier": "46fe6300-5254-4a98-9594-a9567bec8179",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "46fe6300-5254-4a98-9594-a9567bec8179",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.