When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check.
Impacts:
This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.
Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2023-10-18T03:55:18.483Z
Updated: 2024-11-27T15:15:26.856Z
Reserved: 2023-07-20T01:00:12.444Z
Link: CVE-2023-38552
Vulnrichment
Updated: 2024-08-02T17:46:56.500Z
NVD
Status : Modified
Published: 2023-10-18T04:15:11.200
Modified: 2024-11-21T08:13:48.830
Link: CVE-2023-38552
Redhat