CVEFinder.io

CVE-2014-7192

⛔ critical
🔍 Scan for this CVE
Summary

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.

CVSS Score
10.0
Critical
EPSS Score
43.9
Exploit Probability
Published Date
2014-12-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Extremely High Risk - more severe than 100.0% of all 317,883 vulnerabilities in our database.

#1
Top 5% most severe
Severity Percentile
Last Modified 2025-04-12
Source NVD 🔗
CWE IDs (Weakness Types)
CWE-94

📦 Affected Products 1

Vendor Product Status Affected Versions
joyent node.js Affected
≤ 0.10.32

🔗 References 4

http://www-01.ibm.com/support/docview.wss?uid=swg216...
https://exchange.xforce.ibmcloud.com/vulnerabilities...
https://github.com/substack/node-syntax-error/commit...
Exploit
https://nodesecurity.io/advisories/syntax-error-pote...
Vendor Advisory

🔗 Related CVEs 1

CVE ID Severity CVSS EPSS Summary Published
CVE-2014-6394 ⚠️ high 7.5 4.8 visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the docu... 2014-10-08
These CVEs affect the same products