CVE-2023-38552

N/A

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.

N/A

N/A

Node.js 数据伪造问题漏洞

Node.js是一个开源、跨平台的 JavaScript 运行时环境。 Node.js 18.x 、20.x版本存在数据伪造问题漏洞，该漏洞源于当 Node.js 策略功能根据可信清单检查资源的完整性时，应用程序可以拦截该操作并向节点的策略实现返回伪造的校验和，从而有效地禁用完整性检查。

N/A

N/A