CVE-2023-38552

🗓️ 18 Oct 2023 03:55:18Reported by hackeroneType

Node.js policy feature allows forged checksum to disable integrity check

Reporter	Title	Published	Views	Family All 172
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass due to [CVE-2023-38552], [CVE-2023-39333]	14 Dec 202310:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier	19 Jan 202418:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway	16 Nov 202314:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	17 Sep 202417:39	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	17 Jan 202407:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.	26 Mar 202504:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities	6 Dec 202316:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components	7 May 202419:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js	11 Dec 202309:42	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-412)	4 Nov 202300:00	–	nessus

NVD

Vulners

Node

nodejs node.jsRange18.0.0–18.18.1

nodejs node.jsRange20.1.0–20.8.0

Node

fedoraproject fedoraMatch37

fedoraproject fedoraMatch38

fedoraproject fedoraMatch39

[
  {
    "product": "Node",
    "vendor": "NodeJS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "4.0",
        "status": "affected",
        "lessThan": "4.*"
      },
      {
        "versionType": "semver",
        "version": "5.0",
        "status": "affected",
        "lessThan": "5.*"
      },
      {
        "versionType": "semver",
        "version": "6.0",
        "status": "affected",
        "lessThan": "6.*"
      },
      {
        "versionType": "semver",
        "version": "7.0",
        "status": "affected",
        "lessThan": "7.*"
      },
      {
        "versionType": "semver",
        "version": "8.0",
        "status": "affected",
        "lessThan": "8.*"
      },
      {
        "versionType": "semver",
        "version": "9.0",
        "status": "affected",
        "lessThan": "9.*"
      },
      {
        "versionType": "semver",
        "version": "10.0",
        "status": "affected",
        "lessThan": "10.*"
      },
      {
        "versionType": "semver",
        "version": "11.0",
        "status": "affected",
        "lessThan": "11.*"
      },
      {
        "versionType": "semver",
        "version": "12.0",
        "status": "affected",
        "lessThan": "12.*"
      },
      {
        "versionType": "semver",
        "version": "13.0",
        "status": "affected",
        "lessThan": "13.*"
      },
      {
        "versionType": "semver",
        "version": "14.0",
        "status": "affected",
        "lessThan": "14.*"
      },
      {
        "versionType": "semver",
        "version": "15.0",
        "status": "affected",
        "lessThan": "15.*"
      },
      {
        "versionType": "semver",
        "version": "16.0",
        "status": "affected",
        "lessThan": "16.*"
      },
      {
        "versionType": "semver",
        "version": "17.0",
        "status": "affected",
        "lessThan": "17.*"
      },
      {
        "versionType": "semver",
        "version": "18.0",
        "status": "affected",
        "lessThan": "18.18.2"
      },
      {
        "versionType": "semver",
        "version": "19.0",
        "status": "affected",
        "lessThan": "19.*"
      },
      {
        "versionType": "semver",
        "version": "20.0",
        "status": "affected",
        "lessThan": "20.8.1"
      }
    ]
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
hackerone	www.hackerone.com/reports/2094235
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
security	www.security.netapp.com/advisory/ntap-20231116-0013/
security	www.security.netapp.com/advisory/ntap-20241108-0002/

03 Nov 2025 22:16Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.5

EPSS0.00397

SSVC

CWE-345