Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
References
Configurations
No configuration.
History
21 Nov 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Sep 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-07 16:15
Updated : 2024-11-21 08:15
NVD link : CVE-2023-39333
Mitre link : CVE-2023-39333
CVE.ORG link : CVE-2023-39333
JSON object : View
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')