Lucene search

CVE-2023-32002

🗓️ 21 Aug 2023 17:47:15Reported by hackeroneType

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in Node.js 16.x, 18.x, and 20.x

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 160
Vulnrichment	CVE-2023-32002	21 Aug 202316:52	–	vulnrichment
OSV	CVE-2023-32002	21 Aug 202317:15	–	osv
OSV	UBUNTU-CVE-2023-32002	21 Aug 202317:15	–	osv
OSV	BIT-NODE-2023-32002	6 Mar 202411:00	–	osv
OSV	CGA-48W2-3643-474R	6 Jun 202412:22	–	osv
OSV	BIT-NODE-MIN-2023-32002	16 Dec 202413:58	–	osv
OSV	CGA-V59M-Q4J3-XM28	6 Jun 202412:29	–	osv
OSV	CGA-5J5V-6GFX-228W	6 Jun 202412:24	–	osv
OSV	USN-6822-1 nodejs vulnerabilities	10 Jun 202408:42	–	osv
OSV	SUSE-SU-2023:3400-1 Security update for nodejs16	23 Aug 202317:01	–	osv

Nvd

Vulners

Vulnrichment

Node

nodejs node.jsRange16.0.0–16.20.1

nodejs node.jsRange18.0.0–18.17.0

nodejs node.jsRange20.0.0–20.5.0

[
  {
    "product": "Node",
    "vendor": "NodeJS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "4.0",
        "status": "affected",
        "lessThan": "4.*"
      },
      {
        "versionType": "semver",
        "version": "5.0",
        "status": "affected",
        "lessThan": "5.*"
      },
      {
        "versionType": "semver",
        "version": "6.0",
        "status": "affected",
        "lessThan": "6.*"
      },
      {
        "versionType": "semver",
        "version": "7.0",
        "status": "affected",
        "lessThan": "7.*"
      },
      {
        "versionType": "semver",
        "version": "8.0",
        "status": "affected",
        "lessThan": "8.*"
      },
      {
        "versionType": "semver",
        "version": "9.0",
        "status": "affected",
        "lessThan": "9.*"
      },
      {
        "versionType": "semver",
        "version": "10.0",
        "status": "affected",
        "lessThan": "10.*"
      },
      {
        "versionType": "semver",
        "version": "11.0",
        "status": "affected",
        "lessThan": "11.*"
      },
      {
        "versionType": "semver",
        "version": "12.0",
        "status": "affected",
        "lessThan": "12.*"
      },
      {
        "versionType": "semver",
        "version": "13.0",
        "status": "affected",
        "lessThan": "13.*"
      },
      {
        "versionType": "semver",
        "version": "14.0",
        "status": "affected",
        "lessThan": "14.*"
      },
      {
        "versionType": "semver",
        "version": "15.0",
        "status": "affected",
        "lessThan": "15.*"
      },
      {
        "versionType": "semver",
        "version": "16.0",
        "status": "affected",
        "lessThan": "16.20.2"
      },
      {
        "versionType": "semver",
        "version": "17.0",
        "status": "affected",
        "lessThan": "17.*"
      },
      {
        "versionType": "semver",
        "version": "18.0",
        "status": "affected",
        "lessThan": "18.17.1"
      },
      {
        "versionType": "semver",
        "version": "19.0",
        "status": "affected",
        "lessThan": "19.*"
      },
      {
        "versionType": "semver",
        "version": "20.0",
        "status": "affected",
        "lessThan": "20.5.1"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/1960870
security	www.security.netapp.com/advisory/ntap-20230915-0009/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Aug 2023 17:15Current

9.3High risk

Vulners AI Score9.3

CVSS39.8

EPSS0.00036

SSVC

CWE-288