CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3566 – Command injection vulnerability in programing languages on Microsoft Windows operating system.
https://notcve.org/view.php?id=CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. • https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows https://kb.cert.org/vuls/id/123335 https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way https://www.cve.org/CVERecord?id=CVE-2024-1874 https://www.cve.org/CVERecord?id=CVE-2024-22423 https://www.cve.org/CVERecord?id=CVE-2024-24576 https://www.kb.cert.org/vuls/id/123335 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39333 – nodejs: code injection via WebAssembly export names
https://notcve.org/view.php?id=CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option. Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. • https://nodejs.org/en/blog/vulnerability/october-2023-security-releases https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-30585
https://notcve.org/view.php?id=CVE-2023-30585
A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry. The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the "msiexec.exe" process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations. The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or "non-privileged") users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged "msiexec.exe" process. This manipulation can result in the creation of folders in unintended and potentially malicious locations. It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. • https://nodejs.org/en/blog/vulnerability/june-2023-security-releases •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38552 – nodejs: integrity checks according to policies can be circumvented
https://notcve.org/view.php?id=CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. Cuando la función de política de Node.js verifica la integridad de un recurso con un manifiesto confiable, la aplicación puede interceptar la operación y devolver una suma de verificación falsificada a la implementación de la política del nodo, deshabilitando así efectivamente la verificación de integridad. Impactos: esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de política experimental en todas las líneas de versiones activas: 18.x y 20.x. Tenga en cuenta que en el momento en que se emitió este CVE, el mecanismo de política era una característica experimental de Node.js. When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check. • https://hackerone.com/reports/2094235 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject. • CWE-345: Insufficient Verification of Data Authenticity CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •