ajinabraham.njsscan.eval.eval_yaml_deserialize.yaml_deserialize
Author: ajinabraham
License: LGPL-3.0-or-later
Passing user-controlled data to js-yaml's 'yaml.load()' function can result in remote code injection.
Definition
rules:
  - id: yaml_deserialize
    patterns:
      - pattern-inside: |
          require('js-yaml')
          ...
      - pattern: |
          $X.load(...)
    message: User controlled data in 'yaml.load()' function can result in Remote Code Injection.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a8
      cwe: cwe-502
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
Short Link: https://sg.run/Lp6o
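What the rule flags, and how the call is hardened, as an added JavaScript example that is not part of the njsscan rule set or the js-yaml project. The js-yaml API it relies on (`load(text, { schema })` and the exported `JSON_SCHEMA`) is real and exists in both the 3.x and 4.x majors; the helpers `loadUntrustedYaml`, `hasExplicitTags` and `hasJsTags`, the size limit and the sample inputs are constructed for this illustration. The js-yaml module is injected as a parameter so the checks can be exercised without the dependency installed; run the file directly with js-yaml present to see the end-to-end behaviour.

```javascript
'use strict';

// Explicit tags that js-yaml 3.x's default (DEFAULT_FULL_SCHEMA) schema can
// turn into live JavaScript values (!!js/function, !!js/regexp, !!js/undefined).
// A bare `yaml.load(userInput)` on 3.x is exactly the call the rule flags.
const JS_TAG_RE = /!!js\//;

// Any explicit tag at all (`!foo` or `!!foo`) at a token boundary. This is
// deliberately conservative: untrusted config or data YAML rarely needs tags,
// and a bare "!" token inside a quoted scalar is rejected too.
const ANY_EXPLICIT_TAG_RE = /(^|\s)!{1,2}[^\s"']+/m;

function hasJsTags(text) {
  return JS_TAG_RE.test(text);
}

function hasExplicitTags(text) {
  return ANY_EXPLICIT_TAG_RE.test(text);
}

// Hardened loader for YAML that comes from a user or another untrusted source.
// `yaml` is the js-yaml module (constructed injection point for this example).
// It always names a safe schema explicitly:
//   - on js-yaml 3.x this is what turns the unsafe default into a safe parse;
//   - on js-yaml 4.x load() is already safe and safeLoad() was removed, but the
//     explicit schema keeps the call safe whichever major is installed.
// Rejecting explicit tags before parsing is defence in depth: a later schema
// change or library swap cannot silently reintroduce tag-driven instantiation.
function loadUntrustedYaml(text, yaml, maxBytes = 64 * 1024) {
  if (typeof text !== 'string') {
    throw new TypeError('YAML input must be a string');
  }
  if (Buffer.byteLength(text, 'utf8') > maxBytes) {
    throw new RangeError('YAML input exceeds ' + maxBytes + ' bytes');
  }
  if (hasExplicitTags(text)) {
    throw new Error('explicit YAML tags are not allowed in untrusted input');
  }
  // JSON_SCHEMA knows only null/bool/int/float/str, maps and sequences.
  return yaml.load(text, { schema: yaml.JSON_SCHEMA });
}

if (typeof module !== 'undefined') {
  module.exports = { hasJsTags, hasExplicitTags, loadUntrustedYaml };
}

// Stand-alone demo: uses the real library when it is installed.
if (typeof require === 'function' && require.main === module) {
  let yaml = null;
  try { yaml = require('js-yaml'); } catch (e) { /* dependency not installed */ }

  // Constructed sample inputs.
  const benign = 'name: demo\nport: 8080\n';
  const hostile = 'run: !!js/function "function () { return 1; }"\n'; // no-op body

  console.log('hostile carries !!js/ tag:', hasJsTags(hostile));
  if (yaml) {
    console.log('benign parsed:', loadUntrustedYaml(benign, yaml));
    try {
      loadUntrustedYaml(hostile, yaml);
    } catch (e) {
      console.log('hostile rejected:', e.message);
    }
  } else {
    console.log('js-yaml not installed; skipping the parse demo');
  }
}
```

When triaging hits from this rule, check which major of js-yaml the project resolves: on 3.x a bare `$X.load(...)` on untrusted input is a real finding and the fix is `safeLoad()` or an explicit safe schema as above; on 4.x the same call is already safe, so the match is a false positive unless the code passes `DEFAULT_SCHEMA`-style options that re-enable custom types.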