← back
CVE-2017-5941

CVE-2017-5941

EPSS 61.0%
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Popular PoC on GitHub (2 stars) — exploitation code widely available.
CVSS EPSS 61.0%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
08 Feb 2017Public PoC
09 Feb 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.