CVE-2024-36120 HIGH

CVE-2024-36120: javascript-deobfuscator crafted payload can lead to code execution

Vendor Ben-Sb

Product javascript-deobfuscator

Weakness CWE-94 · Code injection

Published May 31, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

Description

javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.

Key dates

Disclosure timeline

May 31, 2024 CVE published

August 2, 2024 Record updated