BIT-node-2023-39333

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2023-39333.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-node-2023-39333
Aliases
Published
2024-09-10T07:16:15.926Z
Modified
2024-09-10T08:12:33.453182Z
Summary
[none]
Details

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the --experimental-wasm-modules command line option.

References

Affected packages

Bitnami / node

Package

Name
node
Purl
pkg:bitnami/node

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
19.0.0
Fixed
20.8.1
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.18.2