CVE-2014-7192
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Potential for Script Injection in syntax-error
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://nodesecurity.io/advisories/syntax-error-potential-script-injection
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | syntax-error | <1.1.1 | 1.1.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| joyent | node.js | <=0.10.32 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21690815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96728
- https://github.com/substack/node-syntax-error/commit/9aa4e66eb90ec595d2dba55e6f9c2dd9a668b309
- https://nodesecurity.io/advisories/syntax-error-potential-script-injection
- https://nvd.nist.gov/vuln/detail/CVE-2014-7192
- https://github.com/advisories/GHSA-5726-g6r9-5f22
- https://github.com/substack/node-browserify/blob/master/changelog.markdown#421
- https://github.com/substack/node-syntax-error
- https://www.npmjs.com/advisories/37
CWEs
CWE-94