vulnerability
Oracle Linux: CVE-2023-39333: ELSA-2023-5849: 18 security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Oct 13, 2023 | Jul 22, 2024 | Jan 8, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 13, 2023
Added
Jul 22, 2024
Modified
Jan 8, 2025
Description
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
Solution(s)
oracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-nodejs-packaging-bundleroracle-linux-upgrade-npm

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.