9 matches found
CVE-2023-30587 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30587 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
Internet Bug Bounty: Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587)
A vulnerability in the experimental permissions policy mechanism in Node.js was reported. The use of Module.load could bypass the policy and require unauthorized modules. This affected all active release lines. The vulnerability was reported by a researcher and fixed by the Node.js security team...
Internet Bug Bounty: CVE-2023-30587 Process-based permissions can be bypassed with the "inspector" module.
A vulnerability in Node.js version 20 allowed for the bypassing of restrictions set by the --experimental-permission flag using the built-in inspector module. This vulnerability affected Node.js users who were using the permission model mechanism in Node.js 20...
SUSE CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...