Количество 20
Количество 20
CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy ...
GHSA-g467-j8jp-rq97
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
BDU:2023-04955
Уязвимость модуля process.binding() программной платформы Node.js, позволяющая нарушителю обойти существующие ограничения безопасности
SUSE-SU-2023:3400-1
Security update for nodejs16
SUSE-SU-2023:3379-1
Security update for nodejs16
SUSE-SU-2023:3378-1
Security update for nodejs18
SUSE-SU-2023:3356-1
Security update for nodejs18
SUSE-SU-2023:3355-1
Security update for nodejs16
RLSA-2023:5532
Important: nodejs security and bug fix update
ELSA-2023-5532
ELSA-2023-5532: nodejs security and bug fix update (IMPORTANT)
ELSA-2023-5363
ELSA-2023-5363: nodejs:18 security, bug fix, and enhancement update (IMPORTANT)
ELSA-2023-5362
ELSA-2023-5362: nodejs:18 security, bug fix, and enhancement update (IMPORTANT)
ELSA-2023-5360
ELSA-2023-5360: nodejs:16 security, bug fix, and enhancement update (IMPORTANT)
SUSE-SU-2023:3408-1
Security update for nodejs14
SUSE-SU-2023:3306-1
Security update for nodejs14
SUSE-SU-2023:3455-1
Security update for nodejs12
ROS-20240916-03
Множественные уязвимости nodejs
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-32559 A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
 | CVE-2023-32559 A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
 | CVE-2023-32559 A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| CVE-2023-32559 A privilege escalation vulnerability exists in the experimental policy ... | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| GHSA-g467-j8jp-rq97 A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | CVSS3: 9.8 | 0% Низкий | почти 2 года назад |
 | BDU:2023-04955 Уязвимость модуля process.binding() программной платформы Node.js, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
 | SUSE-SU-2023:3400-1 Security update for nodejs16 | почти 2 года назад | ||
| SUSE-SU-2023:3379-1 Security update for nodejs16 | почти 2 года назад | ||
| SUSE-SU-2023:3378-1 Security update for nodejs18 | почти 2 года назад | ||
| SUSE-SU-2023:3356-1 Security update for nodejs18 | почти 2 года назад | ||
| SUSE-SU-2023:3355-1 Security update for nodejs16 | почти 2 года назад | ||
 | RLSA-2023:5532 Important: nodejs security and bug fix update | больше 1 года назад | ||
| ELSA-2023-5532 ELSA-2023-5532: nodejs security and bug fix update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2023-5363 ELSA-2023-5363: nodejs:18 security, bug fix, and enhancement update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2023-5362 ELSA-2023-5362: nodejs:18 security, bug fix, and enhancement update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2023-5360 ELSA-2023-5360: nodejs:16 security, bug fix, and enhancement update (IMPORTANT) | больше 1 года назад | ||
| SUSE-SU-2023:3408-1 Security update for nodejs14 | почти 2 года назад | ||
| SUSE-SU-2023:3306-1 Security update for nodejs14 | почти 2 года назад | ||
| SUSE-SU-2023:3455-1 Security update for nodejs12 | почти 2 года назад | ||
 | ROS-20240916-03 Множественные уязвимости nodejs | CVSS3: 7.5 | 9 месяцев назад |
Уязвимостей на страницу