11 matches found
RLSA-2023:5532 Important: nodejs security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...
ALSA-2023:5532 Important: nodejs security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...
AlmaLinux 9 : nodejs:18 (ALSA-2023:5363)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5363 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodejs:...
AlmaLinux 8 : nodejs:16 (ALSA-2023:5360)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5360 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodejs:...
SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:3455-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3455-1 advisory. - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed...
SUSE: Security Advisory (SUSE-SU-2023:3400-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-304)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-304 advisory. The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Please note that at the time this CVE was issued, the policy...
Code injection
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...