CVE-2023-32002

Опубликовано: 21 авг. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 9.8

Описание

The use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	not-affected	20.13.1+dfsg-2ubuntu6
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	released	12.22.9~dfsg-1ubuntu3.6
esm-apps/noble	not-affected	18.19.1+dfsg-6ubuntu5
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
focal	not-affected	code not present
jammy	released	12.22.9~dfsg-1ubuntu3.6

Показывать по

Ссылки на источники

EPSS

Процентиль: 6%

0.00029

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2023-32002

CVSS3: 8.1

redhat

почти 2 года назад

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CVE-2023-32002

CVSS3: 9.8

nvd

почти 2 года назад

CVE-2023-32002

msrc

4 месяца назад

HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability

CVE-2023-32002

CVSS3: 9.8

debian

почти 2 года назад

The use of `Module._load()` can bypass the policy mechanism and requir ...

GHSA-9m48-r3w4-x35v

CVSS3: 9.8

github

почти 2 года назад

EPSS

Процентиль: 6%

0.00029

Низкий

9.8 Critical

CVSS3

CVE-2023-32002

Описание

Пакет nodejs

Ссылки на источники

Связанные уязвимости