Lucene search
K

7 matches found

vulnersOsv
vulnersOsv
added 2023/08/09 2:43 p.m.5 views

4337-snap (>=0.1.0 <=0.1.1), @0xpolygonid/snap-example (=1.0.0-beta.9) +322 more potentially affected by CVE-2023-39532 via ses (>=0.18.4 <=0.18.5)

ses NPM version =0.18.4, =0.1.0, =1.0.1-beta.0, =1.0.0, =1.6.3, =0.2.3, =0.2.2, =0.3.3-20230923T000433-dev-63b1fb6.0, =0.4.3-20230923T000433-dev-63b1fb6.0, =0.10.4-20230923T000433-dev-63b1fb6.0, =0.16.3-20230923T000433-dev-63b1fb6.0, =0.10.4-mainnet1B-dev-b0c1f78.0, =0.16.2-mainnet1B-dev-b0c1f78....

9.8CVSS7.2AI score0.01234EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/08/09 2:43 p.m.5 views

ses-cjs (>=1.0.0 <=1.0.1) potentially affected by CVE-2023-39532 via ses (=0.13.1)

ses NPM version =0.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on ses and may be impacted: - ses-cjs =1.0.0, =1.0.1 Source cves: CVE-2023-39532 Source advisory: OSV:GHSA-9C4H-3F7H-322R...

9.8CVSS7.2AI score0.01234EPSS
Exploits1
Circl
Circl
added 2023/08/08 8:14 p.m.6 views

CVE-2023-39532

creationtimestamp| type| source ---|---|--- 2023-08-08 20:14:25+00:00| seen| https://t.me/cibsecurity/68012...

9.8CVSS8.7AI score0.01234EPSS
Exploits1References1
NVD
NVD
added 2023/08/08 5:15 p.m.28 views

CVE-2023-39532

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

9.8CVSS9.7AI score0.01234EPSS
Exploits1References2
CVE
CVE
added 2023/08/08 4:51 p.m.53 views

CVE-2023-39532

SES is a JavaScript environment with a confinement hole in guest compartments that can allow exfiltration or arbitrary code execution via dynamic import after a spread operator ({...import(...)}) in vulnerable versions (0.18.0–0.18.7, 0.17.0–0.17.1, 0.16.0–0.16.1, 0.15.0–0.15.24, 0.14.0–0.14.5, 0...

9.8CVSS9.7AI score0.01234EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/08/08 4:51 p.m.31 views

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

9.8CVSS9.4AI score0.01234EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/08/08 4:51 p.m.39 views

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

9.8CVSS9.9AI score0.01234EPSS
Exploits1References2
Rows per page
Query Builder