
exploitDog


CVE-2023-32002

Published: 11 Feb 2025
Source: msrc
EPSS: Low

Description

HackerOne: CVE-2023-32002 Node.js Module._load() policy Remote Code Execution Vulnerability

FAQ

Why is this HackerOne CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Node.js software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

Updates

Product | Article | Update
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
CBL Mariner 2.0 x64
--
CBL Mariner 2.0 ARM
--


Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Unlikely
DOS: N/A

EPSS

Percentile: 6%
0.00029
Low

Related vulnerabilities

CVSS3: 9.8
ubuntu
almost 2 years ago

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CVSS3: 8.1
redhat
almost 2 years ago

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CVSS3: 9.8
nvd
almost 2 years ago

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CVSS3: 9.8
debian
almost 2 years ago

The use of `Module._load()` can bypass the policy mechanism and requir ...

CVSS3: 9.8
github
almost 2 years ago

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
