Published: 21/08/2023 Updated: 15/09/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js

Debian Bug report logs - #1050739 nodejs: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 28 Aug 2023 19:45:02 UTC Severity: gra ...

Synopsis Important: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8Red Hat Product Se ...

Synopsis Important: nodejs security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat P ...

Synopsis Important: nodejs:18 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9Red Hat Product Se ...

Synopsis Important: nodejs:16 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 86 Extended Update ...

Synopsis Important: nodejs security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for nodejs is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...

DescriptionThe MITRE CVE dictionary describes this issue as: The use of `Module_load()` can bypass the policy mechanism and require modules outside of the policyjson definition for a given module This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16x, 18x and, 20x Please note that at the ...

Critical Infrastructure Sectors: Critical Manufacturing

NVD-CWE-noinfo https://hackerone.com/reports/1960870 https://security.netapp.com/advisory/ntap-20230915-0009/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050739 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15 https://access.redhat.com/security/cve/cve-2023-32002

CVE-2023-32002

Vulnerability Summary

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect