exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2023-32559

Status Candidate

Overview

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Related Files

Ubuntu Security Notice USN-6822-1
Posted Jun 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6822-1 - It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2023-32002, CVE-2023-32559
SHA-256 | 56af1cd66722a1eb5f6a693a34869045fe3ef0caa4ecbe64e54e6947bfb6b639
Debian Security Advisory 5589-1
Posted Dec 28, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559, CVE-2023-38552, CVE-2023-39333
SHA-256 | 99cc458c7d37e5ed3bbb9cd1ecafd2849b5c2bd6325b06e8297be7edef82db88
Red Hat Security Advisory 2023-5533-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

tags | advisory, web, denial of service, overflow, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4904, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | a1de4803284127ae04070476723bb3381abb23fa8706dae7ab1c90bb1713980b
Red Hat Security Advisory 2023-5532-01
Posted Oct 10, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5532-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a bypass vulnerability.

tags | advisory, javascript, bypass
systems | linux, redhat
advisories | CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | 65ebad59c8253e88e2143d622570a561509704bf12c8076c64a6937f8aabc54b
Red Hat Security Advisory 2023-5362-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5362-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | 495a3f24d2632110634309010865240af57a5ea7b556b056d308808eae784582
Red Hat Security Advisory 2023-5361-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.

tags | advisory, web, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-30581, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | d17f1315e979971a3621829636966df0e1f09cfbdf28fa99e162ce75d2223793
Red Hat Security Advisory 2023-5360-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5360-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | e81e319d29d715b4f89864cf976c9fc33fedd006c1df0d2ae413f8194ec09eff
Red Hat Security Advisory 2023-5363-01
Posted Sep 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5363-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, javascript, vulnerability
systems | linux, redhat
advisories | CVE-2022-25883, CVE-2023-32002, CVE-2023-32006, CVE-2023-32559
SHA-256 | c847a25ac05fb577d9d312fccc92714b065a2a75511c21413ff647b9c3fbba48
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close