Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
History

Fri, 22 Nov 2024 12:00:00 +0000


Fri, 04 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Nodejs
Nodejs nodejs
CPEs cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*
Vendors & Products Nodejs
Nodejs nodejs
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
References

Sat, 07 Sep 2024 16:15:00 +0000

Type Values Removed Values Added
Description Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-09-07T16:00:36.005Z

Updated: 2024-10-04T15:02:45.457Z

Reserved: 2023-07-28T01:00:12.349Z

Link: CVE-2023-39333

cve-icon Vulnrichment

Updated: 2024-10-04T15:02:45.457Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-07T16:15:02.287

Modified: 2024-11-21T08:15:10.733

Link: CVE-2023-39333

cve-icon Redhat

Severity : Low

Publid Date: 2023-10-13T00:00:00Z

Links: CVE-2023-39333 - Bugzilla