Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2023-23918

Published: 23/02/2023 Updated: 16/03/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Nodejs

Vulnerability Summary

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nodejs node.js

Vendor Advisories

Debian CVElist Bug Report Logs: nodejs: CVE-2023-23918 CVE-2023-23919 CVE-2023-23920
Debian Bug report logs - #1031834 nodejs: CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers &lt;pkg-javascript-devel@alioth-listsdebiannet&gt;; Reported by: Salvatore Bonaccorso &lt;carnil@debianorg&gt; Date: Thu, 23 Feb 2023 21:09:01 UTC Severity: gra ...
Red Hat: Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Synopsis Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9 ...
Red Hat: Moderate: nodejs:18 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:18 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...
Red Hat: Important: rh-nodejs14-nodejs security, bug fix, and enhancement update
Synopsis Important: rh-nodejs14-nodejs security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-nodejs14-nodejs is now available for Red Hat Software CollectionsRed Hat P ...
Red Hat: Moderate: nodejs:16 security, bug fix, and enhancement update
Synopsis Moderate: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8Red Hat Product Se ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 86 Extended Update ...
Red Hat: Important: nodejs:14 security, bug fix, and enhancement update
Synopsis Important: nodejs:14 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 84 Extended Update ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer
Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30585, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590 Affected products and versions are listed below Please upgrade your version to the appropriate versio ...

References

CWE-863https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/https://security.netapp.com/advisory/ntap-20230316-0008/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-23918
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook