Home > Vulnerability Database > CVE-2023-39333

Mend.io Vulnerability Database

CVE-2023-39333

Good to know:

Date: July 28, 2023

Code injection via WebAssembly export names. Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.

Language: JS

Severity Score

5.3

Related Resources (5)

Url: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333

Url: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-39333

Url: https://security-tracker.debian.org/tracker/CVE-2023-39333

Url: https://www.mend.io/vulnerability-database/CVE-2023-39333

Severity Score

5.3

Top Fix

Upgrade Version

Upgrade to version v18.18.2,v20.8.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-39333

Good to know:

Date: July 28, 2023

Language: JS

Severity Score

Related Resources (5)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?