CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.2%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2023-32559

Nodejs » Node.js » Version: 16.0.0

cpe:2.3:a:nodejs:node.js:16.0.0
Nodejs » Node.js » Version: 16.1.0

cpe:2.3:a:nodejs:node.js:16.1.0
Nodejs » Node.js » Version: 16.10.0

cpe:2.3:a:nodejs:node.js:16.10.0
Nodejs » Node.js » Version: 16.11.0

cpe:2.3:a:nodejs:node.js:16.11.0
Nodejs » Node.js » Version: 16.11.1

cpe:2.3:a:nodejs:node.js:16.11.1
Nodejs » Node.js » Version: 16.12.0

cpe:2.3:a:nodejs:node.js:16.12.0
Nodejs » Node.js » Version: 16.2.0

cpe:2.3:a:nodejs:node.js:16.2.0
Nodejs » Node.js » Version: 16.20.1

cpe:2.3:a:nodejs:node.js:16.20.1
Nodejs » Node.js » Version: 16.3.0

cpe:2.3:a:nodejs:node.js:16.3.0
Nodejs » Node.js » Version: 16.4.0

cpe:2.3:a:nodejs:node.js:16.4.0
Nodejs » Node.js » Version: 16.4.1

cpe:2.3:a:nodejs:node.js:16.4.1
Nodejs » Node.js » Version: 16.4.2

cpe:2.3:a:nodejs:node.js:16.4.2
Nodejs » Node.js » Version: 16.5.0

cpe:2.3:a:nodejs:node.js:16.5.0
Nodejs » Node.js » Version: 16.6.0

cpe:2.3:a:nodejs:node.js:16.6.0
Nodejs » Node.js » Version: 16.6.1

cpe:2.3:a:nodejs:node.js:16.6.1
Nodejs » Node.js » Version: 16.6.2

cpe:2.3:a:nodejs:node.js:16.6.2
Nodejs » Node.js » Version: 16.7.0

cpe:2.3:a:nodejs:node.js:16.7.0
Nodejs » Node.js » Version: 16.8.0

cpe:2.3:a:nodejs:node.js:16.8.0
Nodejs » Node.js » Version: 16.9.0

cpe:2.3:a:nodejs:node.js:16.9.0
Nodejs » Node.js » Version: 16.9.1

cpe:2.3:a:nodejs:node.js:16.9.1
Nodejs » Node.js » Version: 18.0.0

cpe:2.3:a:nodejs:node.js:18.0.0
Nodejs » Node.js » Version: 18.0.1

cpe:2.3:a:nodejs:node.js:18.0.1
Nodejs » Node.js » Version: 18.0.2

cpe:2.3:a:nodejs:node.js:18.0.2
Nodejs » Node.js » Version: 18.0.3

cpe:2.3:a:nodejs:node.js:18.0.3
Nodejs » Node.js » Version: 18.0.4

cpe:2.3:a:nodejs:node.js:18.0.4
Nodejs » Node.js » Version: 18.0.5

cpe:2.3:a:nodejs:node.js:18.0.5
Nodejs » Node.js » Version: 18.0.6

cpe:2.3:a:nodejs:node.js:18.0.6
Nodejs » Node.js » Version: 18.1.0

cpe:2.3:a:nodejs:node.js:18.1.0
Nodejs » Node.js » Version: 18.10.0

cpe:2.3:a:nodejs:node.js:18.10.0
Nodejs » Node.js » Version: 18.11.0

cpe:2.3:a:nodejs:node.js:18.11.0
Nodejs » Node.js » Version: 18.16.1

cpe:2.3:a:nodejs:node.js:18.16.1
Nodejs » Node.js » Version: 18.17.0

cpe:2.3:a:nodejs:node.js:18.17.0
Nodejs » Node.js » Version: 18.2.0

cpe:2.3:a:nodejs:node.js:18.2.0
Nodejs » Node.js » Version: 18.3.0

cpe:2.3:a:nodejs:node.js:18.3.0
Nodejs » Node.js » Version: 18.4.0

cpe:2.3:a:nodejs:node.js:18.4.0
Nodejs » Node.js » Version: 18.5.0

cpe:2.3:a:nodejs:node.js:18.5.0
Nodejs » Node.js » Version: 18.6.0

cpe:2.3:a:nodejs:node.js:18.6.0
Nodejs » Node.js » Version: 18.7.0

cpe:2.3:a:nodejs:node.js:18.7.0
Nodejs » Node.js » Version: 18.8.0

cpe:2.3:a:nodejs:node.js:18.8.0
Nodejs » Node.js » Version: 18.9.0

cpe:2.3:a:nodejs:node.js:18.9.0
Nodejs » Node.js » Version: 18.9.1

cpe:2.3:a:nodejs:node.js:18.9.1
Nodejs » Node.js » Version: 20.0.0

cpe:2.3:a:nodejs:node.js:20.0.0
Nodejs » Node.js » Version: 20.1.0

cpe:2.3:a:nodejs:node.js:20.1.0
Nodejs » Node.js » Version: 20.2.0

cpe:2.3:a:nodejs:node.js:20.2.0
Nodejs » Node.js » Version: 20.3.0

cpe:2.3:a:nodejs:node.js:20.3.0
Nodejs » Node.js » Version: 20.3.1

cpe:2.3:a:nodejs:node.js:20.3.1
Nodejs » Node.js » Version: 20.4.0

cpe:2.3:a:nodejs:node.js:20.4.0
Nodejs » Node.js » Version: 20.5.0

cpe:2.3:a:nodejs:node.js:20.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-32559

Products

Pricing

Contact Us