17 matches found
CVE-2023-32558 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32558 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32558
The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...
CVE-2023-32558
CVE-2023-32558 affects Node.js 20.x when using the experimental permission model. The deprecated API process.binding() can bypass the permission model via path traversal, enabling potential permission bypass without explicit user interaction. Exploitation details are not provided in the available...
CVE-2023-32558
The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...
CVE-2023-32558
The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-304)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-304 advisory. The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Please note that at the time this CVE was issued, the policy...
SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:3378-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3378-1 advisory. Update to LTS version 18.17.1. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. -...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:3379-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3379-1 advisory. Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. -...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:3355-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3355-1 advisory. Update to LTS version 16.20.2: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006:...
Fedora 37 : nodejs16 / nodejs18 / nodejs20 (2023-18476abd7e)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-18476abd7e advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...
Fedora: Security Advisory for nodejs20 (FEDORA-2023-d12a917ab4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : nodejs16 / nodejs18 / nodejs20 (2023-d12a917ab4)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d12a917ab4 advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...
Node.js 16.x < 16.20.2 / 18.x < 18.17.1 / 20.x < 20.5.1 Multiple Vulnerabilities (Wednesday August 09 2023 Security Releases).
The version of Node.js installed on the remote host is prior to 16.20.2, 18.17.1, 20.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday August 09 2023 Security Releases advisory: - Permissions policies can be bypassed via Module.load CVE-2023-32002 -...
Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Wednesday August 9th 2023 Security Releases
Wednesday August 9th 2023 Security Releases Update 09-August-2023 Security releases available Updates are now available for the v16.x, v18.x, and v20.x Node.js release lines for the following issues. Permissions policies can be bypassed via Module.load HIGHCVE-2023-32002 The use of Module.load ca...