CVE-2023-38552 — Vulnetix

CVE-2023-38552 PUBLISHED

EPSS 0.40% · 60.8th percentile

Risk Scores

EPSS Score

0.40%

60.8th percentile

Affected Products

Vendor	Product	Versions
Amazon	nodejs

Exploit Intelligence

Integrity checks according to policies can be circumvented in Node.js 20 and Node.js 18 (hackerone)
Integrity checks according to policies can be circumvented (hackerone)
Integrity checks according to policies can be circumvented in Node.js 20 and Node.js 18 (hackerone)
Integrity checks according to policies can be circumvented (hackerone)
Integrity checks according to policies can be circumvented in Node.js 20 and Node.js 18 (hackerone)
Integrity checks according to policies can be circumvented (hackerone)
https://hackerone.com/reports/2094235 (osv)

Timeline

CVE Published
Oct 13, 2023 PoC Published
Oct 18, 2023 EPSS Score
Nov 18, 2023 EPSS Score
Nov 30, 2023 PoC Published
Dec 19, 2023 EPSS Score
Feb 20, 2024 EPSS Score
Mar 22, 2024 EPSS Score
Apr 22, 2024 EPSS Score
May 23, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Aug 25, 2024 EPSS Score

References

ALAS2023-2023-412: nodejs (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›