Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-27982...

Internet Bug Bounty: Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587)

A vulnerability in the experimental permissions policy mechanism in Node.js was reported. The use of Module.load could bypass the policy and require unauthorized modules. This affected all active release lines. The vulnerability was reported by a researcher and fixed by the Node.js security team...