Node.js

Node.js Authentication Bypass Vulnerability (CVE-2023-23918) Notice

March 1, 2023

Overview Recently, NSFOCUS CERT detected that Node.js officially fixed an authentication vulnerability (CVE-2023-23918). Due to the flaw of improper permission control in Node.js, a remote attacker can use the process.mainModule.require() function to bypass permissions and access unauthorized modules. The official said that this vulnerability only affects users who have enabled the experimental permission option –experimental-policy. […]

Search

Subscribe to the NSFOCUS Blog