CVE-2023-32558

🗓️ 10 Aug 2023 10:19:35Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 32 Views

Vulnerability in NodeJS due to deprecated API process.binding() allowing path traversal

Reporter	Title	Published	Views	Family All 65
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1	16 Nov 202315:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple Node.js vulnerabilities	31 Jan 202413:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	26 Sep 202308:26	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.	20 Dec 202316:10	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities	14 Sep 202317:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway	2 Oct 202320:07	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.13 and earlier	12 Oct 202319:11	–	ibm
BDU FSTEC	The vulnerability of the process.binding() function in the Node.js software platform allows attackers to circumvent security restrictions and gain unauthorized access to protected information.	29 Oct 202400:00	–	bdu_fstec
Chainguard	CVE-2023-32558 vulnerabilities	12 Sep 202302:15	–	cgr
Circl	CVE-2023-32558	14 Nov 202412:00	–	circl

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-32558
nodejs	www.nodejs.org/en/blog/vulnerability/august-2023-security-releases
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

20 Apr 2024 08:54Current

8.3High risk

Vulners AI Score8.3

CVSS 3.17.5

EPSS0.00193

nodejs vulnerability deprecated api process binding path traversal mitigation unavailable red hat product security