摘要:
The use of the deprecated API process.binding() can bypass the permission model through path traversal. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. This vulnerability affects all users using the experimental permission model in Node.js 20.Security Advisory:https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
安全等级: Low
公告ID: KylinSec-SA-2024-1104
发布日期: 2024年2月26日
关联CVE: CVE-2023-32558
The use of the deprecated API process.binding() can bypass the permission model through path traversal. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. This vulnerability affects all users using the experimental permission model in Node.js 20.Security Advisory:https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-32558 | KY3.4-4A | nodejs | Unaffected |
| CVE-2023-32558 | KY3.4-5A | nodejs | Unaffected |
| CVE-2023-32558 | KY3.5.1 | nodejs | Unaffected |
| CVE-2023-32558 | KY3.5.2 | nodejs | Unaffected |
