The use of the deprecated API `process.binding()` can bypass the permission model through path traversal.
This vulnerability affects all users using the experimental permission model in Node.js 20.x.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2023-09-12T01:36:55.861Z
Updated: 2024-10-25T13:07:29.559Z
Reserved: 2023-05-10T01:00:12.523Z
Link: CVE-2023-32558
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-12T02:15:12.067
Modified: 2024-11-21T08:03:35.867
Link: CVE-2023-32558
Redhat