Lucene search
K

nodejs: Permissions policies can be bypassed via Module._load

🗓️ 09 Oct 2023 14:04:18Reported by RedHatType 
redhat
 redhat
🔗 access.redhat.com👁 5 Views

NodeJS vulnerability lets Module._load() bypass permissions policy and load modules outside policy.json.

Related
Packages
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.0.1
16 Nov 202315:21
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple Node.js vulnerabilities
31 Jan 202413:28
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 has addressed security vulnerabilities
29 Nov 202322:26
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor
26 Sep 202308:26
ibm
IBM Security Bulletins
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
5 Feb 202415:13
ibm
IBM Security Bulletins
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)
29 Nov 202322:26
ibm
IBM Security Bulletins
Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.
20 Dec 202316:10
ibm
IBM Security Bulletins
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to bypassing security restrictions due to multiple Node.js vulnerabilities
14 Sep 202317:19
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway
2 Oct 202320:07
ibm
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255
30 Jun 202506:41
ibm
Rows per page
OSOS VersionArchitecturePackagePackage VersionFilename
Red Hat Enterprise Linux9aarch64nodejs1:16.20.2-1.el9_2nodejs-1:16.20.2-1.el9_2.aarch64.rpm
Red Hat Enterprise Linux9ppc64lenodejs1:16.20.2-1.el9_2nodejs-1:16.20.2-1.el9_2.ppc64le.rpm
Red Hat Enterprise Linux9s390xnodejs1:16.20.2-1.el9_2nodejs-1:16.20.2-1.el9_2.s390x.rpm
Red Hat Enterprise Linux9x86_64nodejs1:16.20.2-1.el9_2nodejs-1:16.20.2-1.el9_2.x86_64.rpm
Red Hat Enterprise Linux9aarch64nodejs-debuginfo1:16.20.2-1.el9_2nodejs-debuginfo-1:16.20.2-1.el9_2.aarch64.rpm
Red Hat Enterprise Linux9ppc64lenodejs-debuginfo1:16.20.2-1.el9_2nodejs-debuginfo-1:16.20.2-1.el9_2.ppc64le.rpm
Red Hat Enterprise Linux9s390xnodejs-debuginfo1:16.20.2-1.el9_2nodejs-debuginfo-1:16.20.2-1.el9_2.s390x.rpm
Red Hat Enterprise Linux9x86_64nodejs-debuginfo1:16.20.2-1.el9_2nodejs-debuginfo-1:16.20.2-1.el9_2.x86_64.rpm
Red Hat Enterprise Linux9anynodejs-debuginfo1:16.20.2-1.el9_2.i686nodejs-debuginfo-1:16.20.2-1.el9_2.i686.noarch.rpm
Red Hat Enterprise Linux9aarch64nodejs-debugsource1:16.20.2-1.el9_2nodejs-debugsource-1:16.20.2-1.el9_2.aarch64.rpm
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Jun 2026 10:20Current
7.1High risk
Vulners AI Score7.1
CVSS 3.19.8
EPSS0.0143
SSVC
5