ajinabraham.njsscan.eval.eval_deserialize.node_deserialize
Author: ajinabraham
User-controlled data passed to node-serialize's 'unserialize()' or 'deserialize()' function can result in Object Injection or Remote Code Injection.
Definition
rules:
  - id: node_deserialize
    patterns:
      - pattern-inside: |
          require('node-serialize')
          ...
      - pattern: |
          $X.unserialize(...)
    message: >-
      User controlled data in 'unserialize()' or 'deserialize()' function can
      result in Object Injection or Remote Code Injection.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a8
      cwe: cwe-502
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
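The code shape this rule matches, beside a hardened replacement that the rule does not flag. This is an added example, not part of the njsscan rule set; the Express-style "profile" cookie and the `PROFILE_SCHEMA` allow-list are assumptions made for illustration.

```javascript
// Added example (not njsscan's own code). Assumes a web handler that stores a
// base64-encoded user profile in a cookie and rehydrates it on each request.

// VULNERABLE: the pattern node_deserialize flags. node-serialize's unserialize()
// rehydrates serialized functions and evaluates them, so any caller-controlled
// string (cookie, body, query) becomes object injection / remote code injection.
function loadProfileUnsafe(cookieValue) {
  const serialize = require('node-serialize'); // required lazily so this file runs without the module
  return serialize.unserialize(Buffer.from(cookieValue, 'base64').toString('utf8'));
}

// HARDENED: JSON.parse can never produce a function, and an explicit allow-list
// of fields with primitive types keeps unexpected properties out of app code.
const PROFILE_SCHEMA = { username: 'string', country: 'string', age: 'number' }; // assumed shape

function loadProfileSafe(cookieValue) {
  let decoded;
  try {
    decoded = JSON.parse(Buffer.from(cookieValue, 'base64').toString('utf8'));
  } catch (e) {
    return null; // malformed input is rejected, not guessed at
  }
  if (decoded === null || typeof decoded !== 'object' || Array.isArray(decoded)) {
    return null; // only a plain object is an acceptable profile
  }
  const profile = {};
  for (const [key, type] of Object.entries(PROFILE_SCHEMA)) {
    if (!Object.prototype.hasOwnProperty.call(decoded, key)) return null; // missing field
    if (typeof decoded[key] !== type) return null; // wrong type (e.g. age as a string)
    profile[key] = decoded[key];
  }
  return profile; // only allow-listed primitive fields survive
}

// Constructed sample input: a benign profile cookie as the handler would receive it.
const sampleCookie = Buffer.from(
  JSON.stringify({ username: 'alice', country: 'NL', age: 30 })
).toString('base64');

console.log(loadProfileSafe(sampleCookie)); // { username: 'alice', country: 'NL', age: 30 }
```

Semgrep reports only `loadProfileUnsafe`, since the `$X.unserialize(...)` pattern requires `require('node-serialize')` in scope; `loadProfileSafe` contains no call to match.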
Short Link: https://sg.run/kR32