javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.
References
Configurations
History
06 Mar 2025, 14:24
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| First Time |
Deobfuscate
Deobfuscate javascript Deobfuscator |
|
| CPE | cpe:2.3:a:deobfuscate:javascript_deobfuscator:*:*:*:*:*:*:*:* | |
| CWE | CWE-94 | |
| References | () https://github.com/ben-sb/javascript-deobfuscator/commit/630d3caec83d5f31c5f7a07e6fadf613d06699d6 - Patch | |
| References | () https://github.com/ben-sb/javascript-deobfuscator/security/advisories/GHSA-9p6p-8v9r-8c9m - Vendor Advisory |
31 May 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-05-31 17:15
Updated : 2025-03-06 14:24
NVD link : CVE-2024-36120
Mitre link : CVE-2024-36120
JSON object : View
Products Affected
deobfuscate
- javascript_deobfuscator
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')