Important: nodejs

🗓️ 25 Aug 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 2 Views

Node.js policy mechanism vulnerabilities allow bypasses in versions 16.x, 18.x, and 20.x.

Reporter	Title	Published	Views	Family All 301
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32006)	29 Nov 202322:29	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1	16 Nov 202315:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32559)	29 Nov 202322:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple Node.js vulnerabilities	31 Jan 202413:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 has addressed security vulnerabilities	29 Nov 202322:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	26 Sep 202308:26	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	5 Feb 202415:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js	29 Apr 202502:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)	29 Nov 202322:26	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.	20 Dec 202316:10	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	nodejs	18.12.1-1.amzn2023.0.10	nodejs-18.12.1-1.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	nodejs	18.12.1-1.amzn2023.0.10	nodejs-18.12.1-1.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	aarch64	nodejs-debuginfo	18.12.1-1.amzn2023.0.10	nodejs-debuginfo-18.12.1-1.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	nodejs-debuginfo	18.12.1-1.amzn2023.0.10	nodejs-debuginfo-18.12.1-1.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	aarch64	nodejs-debugsource	18.12.1-1.amzn2023.0.10	nodejs-debugsource-18.12.1-1.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	nodejs-debugsource	18.12.1-1.amzn2023.0.10	nodejs-debugsource-18.12.1-1.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	aarch64	nodejs-devel	18.12.1-1.amzn2023.0.10	nodejs-devel-18.12.1-1.amzn2023.0.10.aarch64.rpm
Amazon Linux	2	x86_64	nodejs-devel	18.12.1-1.amzn2023.0.10	nodejs-devel-18.12.1-1.amzn2023.0.10.x86_64.rpm
Amazon Linux	2	any	nodejs-docs	18.12.1-1.amzn2023.0.10	nodejs-docs-18.12.1-1.amzn2023.0.10.noarch.rpm
Amazon Linux	2	aarch64	nodejs-full-i18n	18.12.1-1.amzn2023.0.10	nodejs-full-i18n-18.12.1-1.amzn2023.0.10.aarch64.rpm

25 Aug 2023 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 3.19.8

EPSS0.00074

SSVC

node.js vulnerabilities policy mechanism module bypass experimental feature affected versions