The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2023-09-12T01:36:55.861Z

Updated: 2024-10-25T13:07:29.559Z

Reserved: 2023-05-10T01:00:12.523Z

Link: CVE-2023-32558

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-12T02:15:12.067

Modified: 2024-11-21T08:03:35.867

Link: CVE-2023-32558

cve-icon Redhat

Severity : Important

Publid Date: 2023-08-09T00:00:00Z

Links: CVE-2023-32558 - Bugzilla