CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21892 – nodejs: code injection and privilege escalation through Linux capabilities
https://notcve.org/view.php?id=CVE-2024-21892
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. En Linux, Node.js ignora ciertas variables de entorno si pueden haber sido configuradas por un usuario sin privilegios mientras el proceso se ejecuta con privilegios elevados con la única excepción de CAP_NET_BIND_SERVICE. Debido a un error en la implementación de esta excepción, Node.js aplica incorrectamente esta excepción incluso cuando se han configurado otras capacidades. Esto permite a los usuarios sin privilegios inyectar código que hereda los privilegios elevados del proceso. A flaw was found in Node.js. • http://www.openwall.com/lists/oss-security/2024/03/11/1 https://hackerone.com/reports/2237545 https://security.netapp.com/advisory/ntap-20240322-0003 https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39333 – nodejs: code injection via WebAssembly export names
https://notcve.org/view.php?id=CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. • https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7689 – Insecure Encryption
https://notcve.org/view.php?id=CVE-2020-7689
Data is truncated wrong when its length is greater than 255 bytes. Los datos son truncados equivocadamente cuando su longitud es mayor que 255 bytes • https://github.com/kelektiv/node.bcrypt.js/issues/776 https://github.com/kelektiv/node.bcrypt.js/pull/806 https://github.com/kelektiv/node.bcrypt.js/pull/807 https://snyk.io/vuln/SNYK-JS-BCRYPT-572911 • CWE-190: Integer Overflow or Wraparound CWE-327: Use of a Broken or Risky Cryptographic Algorithm •