Back to bug 2230956

| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Mauro Matteo Cascella | 2023-08-10 10:14:55 UTC | Blocks | | 2230962 |
| Mauro Matteo Cascella | 2023-08-10 10:16:23 UTC | Depends On | | 2230973, 2230974, 2230975, 2230972 |
| Sandipan Roy | 2023-08-22 07:14:22 UTC | Alias | TRIAGE-CVE-2023-32559 | CVE-2023-32559 |
| | | Summary | TRIAGE-CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding | CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding |
| Sandipan Roy | 2023-08-22 07:16:06 UTC | Depends On | | 2233400, 2233406, 2233398, 2233402, 2233404, 2233407, 2233403, 2233399, 2233397, 2233401 |
| Sandipan Roy | 2023-08-22 07:51:57 UTC | Doc Text | | A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') run arbitrary code, outside of the limits defined in a policy.json file. |
| RaTasha Tillery-Smith | 2023-08-22 14:14:42 UTC | Doc Text | A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') run arbitrary code, outside of the limits defined in a policy.json file. | A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file. |
| RHEL Program Management Team | 2023-08-23 16:33:19 UTC | Depends On | | 2233897 |
| RHEL Program Management Team | 2023-08-23 16:33:26 UTC | Depends On | | 2233898 |
| RHEL Program Management Team | 2023-08-24 10:41:04 UTC | Depends On | | 2234407 |
| RHEL Program Management Team | 2023-08-24 10:42:21 UTC | Depends On | | 2234412 |
| RHEL Program Management Team | 2023-08-30 10:29:04 UTC | Depends On | | 2236095 |
| Zuzana Svetlikova | 2023-08-30 10:53:18 UTC | Depends On | | 2236100 |
| RHEL Program Management Team | 2023-08-30 12:39:22 UTC | Depends On | | 2236141 |
| errata-xmlrpc | 2023-09-26 14:50:43 UTC | Link ID | | Red Hat Product Errata RHSA-2023:5361 |
| errata-xmlrpc | 2023-09-26 14:51:40 UTC | Link ID | | Red Hat Product Errata RHSA-2023:5363 |
| errata-xmlrpc | 2023-09-26 14:52:10 UTC | Link ID | | Red Hat Product Errata RHSA-2023:5360 |
| errata-xmlrpc | 2023-09-26 14:58:51 UTC | Link ID | | Red Hat Product Errata RHSA-2023:5362 |
