Published: 23/11/2023 Updated: 11/12/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js

Debian Bug report logs - #1039990 nodejs: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 30 Jun 2023 17:21:02 UTC ...

Synopsis Moderate: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...

Synopsis Important: nodejs security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat P ...

Synopsis Moderate: nodejs:18 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8Red Hat Product Secu ...

Synopsis Moderate: nodejs security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated th ...

Synopsis Important: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 86 Extended Update ...

Description This CVE is under investigation by Red Hat Product Security ...

Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-30581, CVE-2023-30585, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590 Affected products and versions are listed below Please upgrade your version to the appropriate versio ...

Critical Infrastructure Sectors: Critical Manufacturing

package that checks if your Node.js installation is vulnerable to known security vulnerabilities

is-my-node-vulnerable This package helps ensure the security of your Nodejs installation by checking for known vulnerabilities It compares the version of Nodejs you have installed (processversion) to the Nodejs Security Database and alerts you if a vulnerability is found Usage npx is-my-node-vulnerable It's strongly recommended

NVD-CWE-noinfo https://nodejs.org/en/blog/vulnerability/june-2023-security-releases https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039990 https://nvd.nist.gov https://github.com/RafaelGSS/is-my-node-vulnerable https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15 https://access.redhat.com/security/cve/cve-2023-30581

CVE-2023-30581

Vulnerability Summary

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect