CVE-2017-15871

** DISPUTED ** The deserialize function in serialize-to-js through 1.1.1 allows attackers to bypass intended access restrictions via vectors involving a "function()" substring, as demonstrated by a "function(){console.log(" call. NOTE: The vendor states ‘In my understanding [this attack] just runs inside a "sandbox" and prints … to a tty.’

Source: CVE-2017-15871
