{"vulnerability": "CVE-2023-3058", "sightings": [{"uuid": "a1d0e08a-8d00-42e2-9f7e-0861da5263a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30586", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15551", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30586\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\ud83d\udccf Published: 2023-06-30T23:40:08.238Z\n\ud83d\udccf Modified: 2025-05-08T16:14:11.957Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/1954535\n2. https://security.netapp.com/advisory/ntap-20230803-0008/", "creation_timestamp": "2025-05-08T16:23:50.000000Z"}, {"uuid": "e570a5f9-29cb-4007-bd94-04949a006286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3058", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/761", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-3058\n\ud83d\udd39 Description: A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560.\n\ud83d\udccf Published: 2023-06-02T13:00:04.613Z\n\ud83d\udccf Modified: 2025-01-08T17:57:52.617Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.230560\n2. https://vuldb.com/?ctiid.230560\n3. https://gitee.com/07fly/FLY-CRM/issues/I76K4N", "creation_timestamp": "2025-01-08T18:17:42.000000Z"}, {"uuid": "7b698196-192f-46d6-a3cf-6d7cdcf532bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30582", "type": "seen", "source": "https://t.me/cvedetector/5035", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-30582 - \"Node.js File Watching Permission Bypass Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2023-30582 \nPublished : Sept. 7, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a result, malicious actors can monitor files that they do not have explicit read access to.  \n  \nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-07T19:20:39.000000Z"}, {"uuid": "7826a169-c394-49ae-acca-d7f221aa45da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30583", "type": "seen", "source": "https://t.me/cvedetector/5034", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-30583 - Node.js FS OpenAsBlob Experimental Permission Bypass\", \n  \"Content\": \"CVE ID : CVE-2023-30583 \nPublished : Sept. 7, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API.  \n  \nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-07T19:20:38.000000Z"}, {"uuid": "5a45b704-3283-4b36-af87-96b373c87507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30584", "type": "seen", "source": "https://t.me/cvedetector/5033", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-30584 - Node.js Path Traversal Bypass in Experimental Permission Model\", \n  \"Content\": \"CVE ID : CVE-2023-30584 \nPublished : Sept. 7, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions.  \n  \nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-07T19:20:37.000000Z"}, {"uuid": "9560b33a-7625-40a5-afd4-9282af49ff54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30587", "type": "seen", "source": "https://t.me/cvedetector/5030", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-30587 - Node.js Inspector Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-30587 \nPublished : Sept. 7, 2024, 4:15 p.m. | 42\u00a0minutes ago \nDescription : A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector).  \n  \nBy exploiting the Worker class's ability to create an \"internal worker\" with the kIsInternal Symbol, attackers can modify the isInternal value when an inspector is attached within the Worker constructor before initializing a new WorkerImpl. This vulnerability exclusively affects Node.js users employing the permission model mechanism.  \n  \nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-07T19:20:31.000000Z"}, {"uuid": "382d3d95-c5ee-4666-83b6-f3686fe06535", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30589", "type": "seen", "source": "https://t.me/cibsecurity/65833", "content": "\u203c CVE-2023-30589 \u203c\n\nThe llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and, v20\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-01T07:15:35.000000Z"}, {"uuid": "2b4b0da8-6a92-4787-94a0-78a83ebb110f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30586", "type": "seen", "source": "https://t.me/cibsecurity/65839", "content": "\u203c CVE-2023-30586 \u203c\n\nA privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-01T07:15:44.000000Z"}, {"uuid": "f60cd396-b963-4a94-9b90-178013b4c0a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30584", "type": "seen", "source": "https://t.me/cibsecurity/72477", "content": "\u203c CVE-2023-39332 \u203c\n\nVarious `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.This is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.Impacts:This vulnerability affects all users using the experimental permission model in Node.js 20.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T07:33:24.000000Z"}, {"uuid": "5de0e8a9-ee13-45ee-80aa-51edc9e16f20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30588", "type": "seen", "source": "https://t.me/arpsyndicate/783", "content": "#ExploitObserverAlert\n\nCVE-2023-30588\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30588.", "creation_timestamp": "2023-11-29T17:49:25.000000Z"}, {"uuid": "bdf3b0e1-6980-4e67-bdbc-4a11e4696c07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30585", "type": "seen", "source": "https://t.me/arpsyndicate/687", "content": "#ExploitObserverAlert\n\nCVE-2023-30585\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-30585.", "creation_timestamp": "2023-11-29T06:52:42.000000Z"}, {"uuid": "571d25cd-5cc0-473b-9cab-ef8cad278c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30581", "type": "seen", "source": "https://t.me/arpsyndicate/545", "content": "#ExploitObserverAlert\n\nCVE-2023-30581\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-30581. The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.  Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2023-11-24T21:28:16.000000Z"}, {"uuid": "26aa2682-fb99-44f2-99fd-38d36bde6a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30584", "type": "seen", "source": "https://t.me/cibsecurity/72478", "content": "\u203c CVE-2023-39331 \u203c\n\nA previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T07:33:25.000000Z"}, {"uuid": "f1ec1475-9979-49ce-8d9e-76d5c7dd1b8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30584", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}]}