CVE-2023-32558

Name of the Vulnerable Software and Affected Versions Node.js versions 20.x

Description The use of the deprecated API process.binding() can bypass the permission model through path traversal, potentially allowing a remote attacker to bypass security restrictions and gain unauthorized access to protected information. This issue affects users of the experimental permission model in Node.js.

Recommendations For Node.js versions 20.x, consider disabling the use of the process.binding() API until a patch is available to prevent potential exploitation. Restrict access to sensitive information and directories to minimize the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.