Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-32006

Опубликовано: 15 авг. 2023
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

The use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.

This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.

Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 16.0.0 (включая) до 16.20.1 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 18.0.0 (включая) до 18.17.0 (включая)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 20.0.0 (включая) до 20.5.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.00072
Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-693

Связанные уязвимости

ubuntu логотип

CVE-2023-32006

CVSS3: 8.8
ubuntu
больше 2 лет назад

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

redhat логотип

CVE-2023-32006

CVSS3: 7.1
redhat
больше 2 лет назад

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

msrc логотип

CVE-2023-32006

CVSS3: 8.8
msrc
больше 2 лет назад

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x 18.x and 20.x. Please note that at the time this CVE was issued the policy is an experimental feature of Node.js.

debian логотип

CVE-2023-32006

CVSS3: 8.8
debian
больше 2 лет назад

The use of `module.constructor.createRequire()` can bypass the policy ...

github логотип

GHSA-356r-x8g9-vh8c

CVSS3: 8.8
github
больше 2 лет назад

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

EPSS

Процентиль: 22%
0.00072
Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo
CWE-693