CVSS: 10.0 • EPSS: 1% • CPEs: 6 • EXPL: 1

CVE-2023-39532 – SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
https://notcve.org/view.php?id=CVE-2023-39532
08 Aug 2023 — SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running... • https://github.com/endojs/endo/commit/fc90c6429604dc79ce8e3355e236ccce2bada041 • CWE-20: Improper Input Validation