13 matches found
BIT-NODE-MIN-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
nodejs: integrity checks according to policies can be circumvented
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...
Fedora 39 : nodejs20 (2023-7b52921cae)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7b52921cae advisory. 2023-10-13, Version 20.8.1 Current, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...
When the Node.js policy feature checks the integrity of a resource against a trusted manifest the application can intercept the operation and return a forged checksum to the node's policy implementation thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued the policy mechanism is an experimental feature of Node.js.
...
DEBIAN-CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
ALPINE-CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
UBUNTU-CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...
PT-2023-6457 · Node.Js +6 · Node.Js +6
Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x through 20.x Description: The issue arises when the Node.js policy feature checks the integrity of a resource against a trusted manifest. An application can intercept this operation and return a forged checksum to the...
CVE-2023-38552
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...