7 matches found
4337-snap (>=0.1.0 <=0.1.1), @0xpolygonid/snap-example (=1.0.0-beta.9) +322 more potentially affected by CVE-2023-39532 via ses (>=0.18.4 <=0.18.5)
ses NPM version =0.18.4, =0.1.0, =1.0.1-beta.0, =1.0.0, =1.6.3, =0.2.3, =0.2.2, =0.3.3-20230923T000433-dev-63b1fb6.0, =0.4.3-20230923T000433-dev-63b1fb6.0, =0.10.4-20230923T000433-dev-63b1fb6.0, =0.16.3-20230923T000433-dev-63b1fb6.0, =0.10.4-mainnet1B-dev-b0c1f78.0, =0.16.2-mainnet1B-dev-b0c1f78....
ses-cjs (>=1.0.0 <=1.0.1) potentially affected by CVE-2023-39532 via ses (=0.13.1)
ses NPM version =0.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on ses and may be impacted: - ses-cjs =1.0.0, =1.0.1 Source cves: CVE-2023-39532 Source advisory: OSV:GHSA-9C4H-3F7H-322R...
CVE-2023-39532
creationtimestamp| type| source ---|---|--- 2023-08-08 20:14:25+00:00| seen| https://t.me/cibsecurity/68012...
CVE-2023-39532
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
CVE-2023-39532
SES is a JavaScript environment with a confinement hole in guest compartments that can allow exfiltration or arbitrary code execution via dynamic import after a spread operator ({...import(...)}) in vulnerable versions (0.18.0–0.18.7, 0.17.0–0.17.1, 0.16.0–0.16.1, 0.15.0–0.15.24, 0.14.0–0.14.5, 0...