EUVD-2023-36802

Malicious code in bioql PyPI...

Internet Bug Bounty: Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587)

A vulnerability in the experimental permissions policy mechanism in Node.js was reported. The use of Module.load could bypass the policy and require unauthorized modules. This affected all active release lines. The vulnerability was reported by a researcher and fixed by the Node.js security team...

CVE-2023-32558

The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...

Path traversal

The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...

PT-2023-9603 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions 20.x Description: The use of the deprecated API process.binding can bypass the permission model through path traversal, potentially allowing a remote attacker to bypass security restrictions and gain unauthorized access to...