CVE-2023-30581 - Breaking Node.js Module Security with `process.mainModule.__proto__.require()` Bypass
Node.js is known for being a secure runtime, but even the best have their weak spots. In 2023, a serious vulnerability was discovered that
CVE-2023-38552 - Breaking Node.js Policy Integrity Checks (with Exploit Example)
In June 2023, a new security vulnerability was found in Node.js, tracked as CVE-2023-38552. It impacts the experimental "policy" feature, designed as
CVE-2023-39332 - Bypassing Node.js Path Traversal Prevention with Uint8Array
In CVE-2023-39332, a subtle but critical bug in Node.js came to light—one that allows attackers to bypass path traversal protections using JavaScript’s
CVE-2023-39331 - How a Botched Patch Opened a New Path Traversal Vulnerability in Node.js Permissions
*Published: 2024-06-12*
The security of open source software relies not just on quick patches, but on doing them right. CVE-2023-39331 is a textbook case of
CVE-2023-32558 - How Deprecated API `process.binding()` Bypasses Node.js Permission Model (with Exploit Example)
Node.js 20 introduced an experimental permission model to help limit what scripts can do. But in May 2023, security researchers found a serious weakness—