CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

OSV•added 2024/12/16 2:0 p.m.•12 views

BIT-NODE-MIN-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

7.5CVSS7.6AI score0.02023EPSS

Exploits0References3

RedHat Linux•added 2024/08/26 8:36 a.m.•3 views

nodejs: fs.fchown/fchmod bypasses permission model

A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner...

3.3CVSS7.3AI score0.00395EPSS

Exploits0References4

Snyk•added 2024/07/09 10:12 a.m.•1 views

Authorization Bypass

Overview Affected versions of this package are vulnerable to Authorization Bypass due to a failure to restrict file stats through the fs.lstat API that allows attackers to retrieve stats from files to which they do not have explicit read access. Note: This is exploitable only for users of the...

4.2CVSS6.8AI score0.00458EPSS

Exploits0References2

OSV•added 2024/03/06 11:2 a.m.•32 views

BIT-NODE-2023-23918

7.5CVSS7.6AI score0.02023EPSS

Exploits0References3

CNNVD•added 2024/02/20 12:0 a.m.•3 views

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 20 and 21 that stems from the permissions model's failure to clarify in the documentation that wildcards can only be used as the last character of file paths, potentially...

6.5CVSS7.8AI score0.00945EPSS

Exploits0References3

Tenable Nessus•added 2023/08/30 12:0 a.m.•35 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:3455-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3455-1 advisory. - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed...

9.8CVSS6.8AI score0.03906EPSS

Exploits2References22

Tenable Nessus•added 2023/07/20 12:0 a.m.•21 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-243)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-243 advisory. A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cau...

8.6CVSS7.3AI score0.02023EPSS

Exploits1References6

Tenable Nessus•added 2023/04/13 12:0 a.m.•45 views

Oracle Linux 8 : nodejs:14 (ELSA-2023-1743)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1743 advisory. nodejs 1:14.21.3-1 - Rebase to 14.21.3 Resolves: rhbz2153712 Resolves: CVE-2022-25881 CVE-2023-23918 CVE-2023-23920 CVE-2022-38900 Resolves:...

8.6CVSS6.8AI score0.24928EPSS

Exploits4References8

RedHat Linux•added 2023/04/12 3:4 p.m.•2 views

Node.js: Permissions policies can be bypassed via process.mainModule

7.5CVSS7.2AI score0.02023EPSS

Exploits0References4

Tenable Nessus•added 2023/03/28 12:0 a.m.•39 views

CBL Mariner 2.0 Security Update: nodejs (CVE-2023-23918)

The version of nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-23918 advisory. - A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it...

7.5CVSS7.1AI score0.02023EPSS

Exploits0References2

NVD•added 2023/02/23 8:15 p.m.•22 views

CVE-2023-23918

7.5CVSS7.7AI score0.02023EPSS

Exploits0References2

OSV•added 2023/02/23 8:15 p.m.•3 views

ALPINE-CVE-2023-23918

7.5CVSS7.2AI score0.02023EPSS

Exploits0References1

OSV•added 2023/02/23 8:15 p.m.•2 views

DEBIAN-CVE-2023-23918

7.5CVSS7AI score0.02023EPSS

Exploits0References1

OSV•added 2023/02/23 8:15 p.m.•6 views

AZL-13776 CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1

7.5CVSS6.9AI score0.02023EPSS

Exploits0References1

Prion•added 2023/02/23 8:15 p.m.•23 views

Privilege escalation

5CVSS7.7AI score0.02023EPSS

Exploits0References2Affected Software1

OSV•added 2023/02/23 8:15 p.m.•1 views

UBUNTU-CVE-2023-23918

7.5CVSS7AI score0.02023EPSS

Exploits0References6

CVE•added 2023/02/23 12:0 a.m.•399 views

CVE-2023-23918

CVE-2023-23918 affects Node.js runtimes prior to certain fixed releases (examples from connected docs include Node.js 14.21.3, 16.19.1, 18.14.2; some entries reference 18.19.x as fixed). The vulnerability allows bypassing the experimental Permissions feature when enabled with --experimental-polic...

7.5CVSS8AI score0.02023EPSS

Exploits0References2Affected Software1