14 matches found
Arbitrary Code Injection
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through lib/builtin.js. An attacker can execute host code when the allowlist includes -X or uses and then calls...
EUVD-2023-34968
Malicious code in bioql PyPI...
BIT-NODE-MIN-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
BIT-NODE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
Artica Pandora FMS 代码问题漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a server-side request forgery SSRF vulnerability in...
Internet Bug Bounty: CVE-2023-30587 Process-based permissions can be bypassed with the "inspector" module.
A vulnerability in Node.js version 20 allowed for the bypassing of restrictions set by the --experimental-permission flag using the built-in inspector module. This vulnerability affected Node.js users who were using the permission model mechanism in Node.js 20...
CVE-2023-30587
A vulnerability was found in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector...
SUSE CVE-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
Node.js 安全漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20 that stems from a restriction that allows the use of a built-in inspector module to bypass flag settings...
PT-2023-4531 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A vulnerability in Node.js allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an...
Node.js: Process-based permissions can be bypassed with the "inspector" module.
Process-based permissions in Node.js can be bypassed using the built-in inspector module, allowing an attacker to access restricted resources...