Vulnerability Description
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://nodejs.org/en/blog/vulnerability/october-2023-security-releases
- https://security.netapp.com/advisory/ntap-20240808-0004/
- https://security.netapp.com/advisory/ntap-20241004-0006/
- https://security.netapp.com/advisory/ntap-20241108-0002/
FAQ
What is CVE-2023-39333?
CVE-2023-39333 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not ha...
How severe is CVE-2023-39333?
CVE-2023-39333 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-39333?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.