CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2024/03/06 10:59 a.m.•25 views

BIT-NODE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

7.5CVSS8.5AI score0.00061EPSS

Exploits1References4

Veracode•added 2023/11/29 5:46 a.m.•25 views

Prototype Pollution

NodeJS is vulnerable to Prototype Pollution. The vulnerability is caused due to bypassing the policy mechanism in the use of proto in process.mainModule.proto.require. This can lead to require and load modules outside of the policy.json definition...

7.5CVSS6.5AI score0.00018EPSS

Exploits0References2Affected Software1

Debian CVE•added 2023/11/22 11:28 p.m.•71 views

CVE-2023-30581

The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time...

7.5CVSS7.4AI score0.00018EPSS

RedHat Linux•added 2023/10/09 10:29 a.m.•0 views

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

RedHat Linux•added 2023/09/26 3:5 p.m.•0 views

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

RedHat Linux•added 2023/09/26 2:59 p.m.•0 views

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

RedHat Linux•added 2023/09/26 2:56 p.m.•0 views

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

UbuntuCve•added 2023/08/24 2:15 a.m.•24 views

CVE-2023-32559

7.5CVSS7AI score0.00061EPSS

Exploits1References5

Vulnrichment•added 2023/08/24 1:23 a.m.•16 views

CVE-2023-32559

7.9AI score0.00061EPSS

Exploits1References2

AlpineLinux•added 2023/08/24 1:23 a.m.•116 views

CVE-2023-32559

7.5CVSS9.1AI score0.00061EPSS

Exploits1

CVE•added 2023/08/24 1:23 a.m.•3135 views

CVE-2023-32559

CVE-2023-32559 describes a privilege-escalation vulnerability in Node.js via the experimental policy mechanism. The attack leverages the deprecated API process.binding(), potentially bypassing policy.json and abusing process.binding('spawn_sync') to run arbitrary code outside policy limits. The i...

7.5CVSS8.7AI score0.00061EPSS

Exploits1References3Affected Software1

Microsoft CVE•added 2023/08/21 7:0 a.m.•2 views

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x 18.x and 20.x. Please note that at the time this CVE was issued the policy is an experimental feature of Node.js.

...

8.8CVSS7.4AI score0.00074EPSS

Prion•added 2023/08/15 4:15 p.m.•32 views

Code injection

6.5CVSS9AI score0.00074EPSS

Exploits0References4Affected Software2

UbuntuCve•added 2023/08/15 4:15 p.m.•28 views

CVE-2023-32006

8.8CVSS6.9AI score0.00074EPSS

Cvelist•added 2023/08/15 3:10 p.m.•21 views

CVE-2023-32006

9.5AI score0.00074EPSS

Exploits0References4

Debian CVE•added 2023/08/15 3:10 p.m.•25 views

CVE-2023-32006

8.8CVSS7.6AI score0.00074EPSS

AlpineLinux•added 2023/08/15 3:10 p.m.•49 views

CVE-2023-32006

8.8CVSS9.5AI score0.00074EPSS