{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T23:27:04.228","vulnerabilities":[{"cve":{"id":"CVE-2026-1245","sourceIdentifier":"cret@cert.org","published":"2026-01-20T19:15:50.573","lastModified":"2026-06-17T10:15:23.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into dynamically generated code without sanitization, enabling attackers to execute arbitrary code in the context of the Node.js process."},{"lang":"es","value":"Una vulnerabilidad de inyección de código en la librería binary-parser anterior a la versión 2.3.0 permite la ejecución arbitraria de código JavaScript cuando se utilizan valores no confiables en nombres de campos del analizador o parámetros de codificación. La librería interpola directamente estos valores en código generado dinámicamente sin sanitización, permitiendo a los atacantes ejecutar código arbitrario en el contexto del proceso de Node.js."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"binary-parser","product":"binary-parser","versions":[{"version":"0","lessThan":"2.3.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-21T16:44:44.620209Z","id":"CVE-2026-1245","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:keichi:binary-parser:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.3.0","matchCriteriaId":"7FCCACB7-F3FF-4E03-91E5-3D0E0D2F69A2"}]}]}],"references":[{"url":"https://github.com/keichi/binary-parser","source":"cret@cert.org","tags":["Product"]},{"url":"https://github.com/keichi/binary-parser/pull/283","source":"cret@cert.org","tags":["Patch"]},{"url":"https://kb.cert.org/vuls/id/102648","source":"cret@cert.org","tags":["Third Party Advisory"]},{"url":"https://www.npmjs.com/package/binary-parser","source":"cret@cert.org","tags":["Product"]},{"url":"https://www.kb.cert.org/vuls/id/102648","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}