[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Node Browserify RCE vuln (<= 4.2.0)

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Node Browserify RCE vuln (<= 4.2.0)
From: "Cal Leeming \[Simplicity Media Ltd\]" <cal.leeming@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Jul 2014 16:20:44 +0100

Hello,

Discovered an RCE vuln in Browserify <=4.2.0.

Maintainer patched upstream just 4 hours after responsible disclosure
yesterday, now fixed as of 4.2.1.

Summary and POC found here:
http://iops.io/blog/browserify-rce-vulnerability/

Cal

Prev by Date: [security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
Next by Date: [security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code
Previous by thread: [security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
Next by thread: [security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code
Index(es):
- Date
- Thread