H1-1877919 — Vulnetix

H1-1877919 PUBLISHED CVSS 8.399999618530273 HIGH

The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1

Risk Scores

CVSS 3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1 (hackerone)
The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1 (hackerone)

Timeline

Jul 20, 2023 CVE Published
Jul 20, 2023 PoC Published

References

The use of __proto__ in process.mainModule.__proto__.require() bypasses the permission system in Node v19.6.1 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›