MiracleLinux 9 : nodejs-16.20.2-1.el9 (AXSA:2023-6490:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6490:04 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...

RLSA-2023:5360 Important: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. BZ2233891 Security Fixes: nodejs: Permissions policies can be bypassed via...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: The use of...

Linux Distros Unpatched Vulnerability : CVE-2023-32002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2023-32002)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32002 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the...

KLA80112 ACE vulnerability in Microsoft Mariner

Use after free vulnerability was found in Microsoft Mariner. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions. Original advisories CVE-2023-32002 Related products CBL-Mariner-2.0 CVE list CVE-2023-32002 critical KB list Solution Install...

Ubuntu: Security Advisory (USN-6822-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6822-1: Node.js vulnerabilities

It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...

Ubuntu 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6822-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6822-1 advisory. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were...

openSUSE: Security Advisory for nodejs16 (SUSE-SU-2023:3379-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for nodejs14 (SUSE-SU-2023:3408-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5589-1] nodejs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5589-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2023 https://www.debian.org/security/faq -...

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32002 Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of Module.load. By sending a...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

Summary Node.js is used by IBM App Connect Enterprise Certified Container for running integration code. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Node.js...

RLSA-2023:5532 Important: nodejs security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...

Rocky Linux 9 : nodejs (RLSA-2023:5532)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5532 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerabilit...

AlmaLinux 9 : nodejs (ALSA-2023:5532)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5532 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability...

nodejs security and bug fix update

1:16.20.2-1 - Update to 16.20.2-1 Resolves CVE-2023-32002 CVE-2023-32006 CVE-2023-32559...

Oracle Linux 9 : nodejs (ELSA-2023-5532)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5532 advisory. 1:16.20.2-1 - Update to 16.20.2-1 Resolves CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 Tenable has extracted the preceding description block directly...

Important: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...