Home > Vulnerability Database > CVE-2023-30587

Mend.io Vulnerability Database

CVE-2023-30587

Date: September 7, 2024

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector). By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl. This vulnerability exclusively affects Node.js users employing the permission model mechanism. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Language: JS

Severity Score

7.5

Related Resources (6)

Url: https://security.netapp.com/advisory/ntap-20241108-0004/

Url: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#mainmoduleproto-bypass-experimental-policy-mechanism-high-cve-2023-30581

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30587

Url: https://github.com/nodejs/node/commit/34d92ed88c814e05b4b619705c67b3df3999c52d

Url: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

Url: https://www.mend.io/vulnerability-database/CVE-2023-30587

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30587

Date: September 7, 2024

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?