CVE-2026-1245 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in…
Medium CVSS: 6.5

CVE-2026-1245

A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process.
Vendor
Keichi
Product
Binary-parser
CWE
CWE-94
Yayın Tarihi
2026-01-20 19:15:50
Güncelleme
2026-02-03 21:41:59
Source Identifier
cret@cert.org
KEV Date Added
-

Kategoriler

CWE-94 Binary-parser MEDIUM Keichi 2026

Referanslar

https://github.com/keichi/binary-parser https://github.com/keichi/binary-parser/pull/283 https://kb.cert.org/vuls/id/102648 https://www.npmjs.com/package/binary-parser https://www.kb.cert.org/vuls/id/102648