Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Fri, 04 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nodejs
Nodejs nodejs |
|
CPEs | cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:* | |
Vendors & Products |
Nodejs
Nodejs nodejs |
|
References |
|
|
Metrics |
ssvc
|
Mon, 09 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Sat, 07 Sep 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. | Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. |
References |
|
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-09-07T16:00:36.005Z
Updated: 2024-10-04T15:02:45.457Z
Reserved: 2023-07-28T01:00:12.349Z
Link: CVE-2023-39333
Vulnrichment
Updated: 2024-10-04T15:02:45.457Z
NVD
Status : Awaiting Analysis
Published: 2024-09-07T16:15:02.287
Modified: 2024-11-21T08:15:10.733
Link: CVE-2023-39333
Redhat