28 matches found
UBUNTU-CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...
Internet Bug Bounty: Dependency Policy Bypass via process.binding
A vulnerability was discovered in Node.js that allowed for the bypassing of permissions policies via the use of the process.binding API. This vulnerability allowed an attacker to run arbitrary code outside of the limits defined in a policy.json file. The vulnerability affected all users using the...
SUSE CVE-2023-32558
The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...
SUSE CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...
CVE-2023-32558
A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the permission model through path traversal. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...
Node.js path traversal vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from allowing an attacker to bypass the privilege model via path traversal using the API process.binding...
PT-2023-9603 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions 20.x Description: The use of the deprecated API process.binding can bypass the permission model through path traversal, potentially allowing a remote attacker to bypass security restrictions and gain unauthorized access to...
CVE-2013-0908
Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors...