TencentOS Server 3: nodejs:16 (TSSA-2023:0231)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType

TencentOS Server 3 is vulnerable to multiple issues, needing updates to fix certain Node.js vulnerabilities.

Reporter	Title	Published	Views	Family All 453
IBM Security Bulletins	Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities	16 May 202420:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	22 Nov 202315:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Node.js semver (CVE-2022-25883)	28 Nov 202323:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js	27 Sep 202321:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32006)	29 Nov 202322:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6.2 fixes multiple security vulnerabilities	6 Oct 202316:11	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management	28 Feb 202421:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)	16 Nov 202321:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	30 Mar 202620:04	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js modules affect IBM Voice Gateway	14 Aug 202319:58	–	ibm

Source	Link
mirrors	www.mirrors.tencent.com/tlinux/errata/tssa-20230231.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2023:0231.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(238814);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/05");

  script_cve_id(
    "CVE-2022-25883",
    "CVE-2023-32002",
    "CVE-2023-32006",
    "CVE-2023-32559"
  );

  script_name(english:"TencentOS Server 3: nodejs:16 (TSSA-2023:0231)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0231 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

      CVE-2022-25883:
      Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service
    (ReDoS) via the function new Range, when untrusted user data is provided as a range.

      CVE-2023-32002:
      The use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json
    definition for a given module.

      This vulnerability affects all users using the experimental policy mechanism in all active release
    lines: 16.x, 18.x and, 20.x.

      Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

      CVE-2023-32006:
      The use of module.constructor.createRequire() can bypass the policy mechanism and require modules
    outside of the policy.json definition for a given module.

      This vulnerability affects all users using the experimental policy mechanism in all active release
    lines: 16.x, 18.x, and, 20.x.

      Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

      CVE-2023-32559:
      A privilege escalation vulnerability exists in the experimental policy mechanism in all active release
    lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding() can bypass the policy
    mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') run
    arbitrary code, outside of the limits defined in a policy.json file. Please note that at the time this CVE
    was issued, the policy is an experimental feature of Node.js.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20230231.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32002");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:nodejs-nodemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:nodejs-packaging");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'nodejs-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debuginfo-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debuginfo-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debugsource-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-debugsource-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-devel-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-devel-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-docs-16.20.2-2.module+el8.8.0+528+de193ccf', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-full-i18n-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-full-i18n-16.20.2-2.module+el8.8.0+528+de193ccf', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-nodemon-3.0.1-1.module+el8.8.0+524+047aea0a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'nodejs-packaging-26-1.module+el8.8.0+528+de193ccf', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'npm-8.19.4-1.16.20.2.2.module+el8.8.0+528+de193ccf', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'npm-8.19.4-1.16.20.2.2.module+el8.8.0+528+de193ccf', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debuginfo / nodejs-debugsource / etc');
}

05 Dec 2025 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 3.19.8

EPSS0.00598

SSVC