Home > Vulnerability Database > CVE-2023-39333

Mend.io Vulnerability Database

CVE-2023-39333

Date: September 7, 2024

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the "--experimental-wasm-modules" command line option.

Language: JS

Severity Score

5.3

Related Resources (5)

Url: https://security.netapp.com/advisory/ntap-20240808-0004/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-39333

Url: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases

Url: https://security.netapp.com/advisory/ntap-20241004-0006/

Url: https://www.mend.io/vulnerability-database/CVE-2023-39333

Severity Score

5.3

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-39333

Date: September 7, 2024

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?