High severityNVD Advisory· Published Dec 11, 2014· Updated May 6, 2026

CVE-2014-7192

Description

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
syntax-errornpm	< 1.1.1	1.1.1

Affected products

Joyent/Node.js
cpe:2.3:a:joyent:node.js:*:*:*:*:*:*:*:*
Range: <=0.10.32

Patches

9aa4e66eb90e

https://github.com/substack/node-syntax-errorvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/substack/node-syntax-error/commit/9aa4e66eb90ec595d2dba55e6f9c2dd9a668b309nvdExploitWEB
github.com/advisories/GHSA-5726-g6r9-5f22ghsaADVISORY
nodesecurity.io/advisories/syntax-error-potential-script-injectionnvdVendor Advisory
nvd.nist.gov/vuln/detail/CVE-2014-7192ghsaADVISORY
www-01.ibm.com/support/docview.wssnvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/96728nvdWEB
github.com/substack/node-browserify/blob/master/changelog.markdownghsaWEB
www.npmjs.com/advisories/37ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.035
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000