CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
25.6%
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5528 advisory.
In @babel/traverse
prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse
, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate()
or path.evaluateTruthy()
internal Babel methods. Known affected plugins are @babel/plugin-transform-runtime
; @babel/preset-env
when using its useBuiltIns
option; and any polyfill provider plugin that depends on @babel/helper-define-polyfill-provider
, such as babel-plugin-polyfill-corejs3
, babel-plugin-polyfill-corejs2
, babel-plugin-polyfill-es-shims
, babel-plugin-polyfill-regenerator
. No other plugins under the @babel/
namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in @babel/traverse@7.23.2
and @babel/traverse@8.0.0-alpha.4
. Those who cannot upgrade @babel/traverse
and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected @babel/traverse
versions: @babel/plugin-transform-runtime
v7.23.2, @babel/preset-env
v7.23.2, @babel/helper-define-polyfill-provider
v0.4.3, babel-plugin-polyfill-corejs2
v0.4.6, babel-plugin-polyfill-corejs3
v0.8.5, babel-plugin-polyfill-es-shims
v0.10.0, babel-plugin-polyfill-regenerator
v0.5.3. (CVE-2023-45133) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5528. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
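if (description)
{
  # Metadata block: identifies the plugin, describes the finding, and declares
  # what the check needs. It ends with exit(0), so none of the package checks
  # further down run while `description` is set.
  script_id(183207);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/25");

  script_cve_id("CVE-2023-45133");

  script_name(english:"Debian DSA-5528-1 : node-babel7 - security update");

  # Multi-line string values are kept flush-left so that no leading whitespace
  # is added to the reported text.
  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  # The two fixed-version references in the text are written as
  # package@version (`@babel/traverse@7.23.2`, `@babel/traverse@8.0.0-alpha.4`),
  # matching the versions named in the first sentence of the advisory text.
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5528
advisory.
- Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4
and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an
attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the
`path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are
`@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any
polyfill provider plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-
plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-
plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party
plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed
in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade
`@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their
latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions:
`@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-
provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-
plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3. (CVE-2023-45133)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/node-babel7");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5528");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-45133");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/node-babel7");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/node-babel7");
  # The solution names the fixed version for both releases that the package
  # checks below cover (Debian 11 and Debian 12), so an operator on either
  # release can see the target version without reading the check table.
  script_set_attribute(attribute:"solution", value:
"Upgrade the node-babel7 packages.
For the oldstable distribution (bullseye), this problem has been fixed in version 7.12.12+~cs150.141.84-6+deb11u1.
For the stable distribution (bookworm), this problem has been fixed in version 7.20.15+ds1+~cs214.269.168-3+deb12u1.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # NOTE(review): this CVSS 3.0 vector carries PR:L, while the CVSS 3.1 summary
  # shown with this plugin lists PR:N for the same CVE. Confirm which assessment
  # the score is meant to follow before using it for prioritisation.
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-45133");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:node-babel7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:node-babel7-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:node-babel7-runtime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:node-babel7-standalone");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check reads the release string and the dpkg listing from the knowledge
  # base, so it declares those keys and the script that gathers host info.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}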
include('debian_package.inc');
# Preconditions. Each failed precondition is handed to audit() with a reason
# code; the statements that follow assume audit() does not return.

# Local (credentialed) checks must be enabled and a dpkg listing collected.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item('Host/Debian/dpkg-l'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# The host must report a Debian release string.
var debian_release = get_kb_item('Host/Debian/release');
if (isnull(debian_release))
{
  audit(AUDIT_OS_NOT, 'Debian');
}
debian_release = chomp(debian_release);

# Only 11.x and 12.x are in scope. The pattern is anchored at the start of the
# string only, so anything after the minor number is not examined.
if (!preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release))
{
  audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
}

# The package comparison is limited to x86_64, i386-i686 and aarch64 hosts.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!(('x86_64' >< cpu) || (cpu =~ "^i[3-6]86$") || ('aarch64' >< cpu)))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
}
# Check table: one entry per (release, binary package) pair, with the package
# version used as the reference for the comparison. Only these Debian packages
# are compared; copies of @babel/traverse obtained by other means (for example
# a project's own node_modules directory) are not looked at by this script.
var pkgs = [
  {'release': '11.0', 'prefix': 'node-babel7', 'reference': '7.12.12+~cs150.141.84-6+deb11u1'},
  {'release': '11.0', 'prefix': 'node-babel7-runtime', 'reference': '7.12.12+~cs150.141.84-6+deb11u1'},
  {'release': '11.0', 'prefix': 'node-babel7-standalone', 'reference': '7.12.12+~cs150.141.84-6+deb11u1'},
  {'release': '12.0', 'prefix': 'node-babel7', 'reference': '7.20.15+ds1+~cs214.269.168-3+deb12u1'},
  {'release': '12.0', 'prefix': 'node-babel7-debug', 'reference': '7.20.15+ds1+~cs214.269.168-3+deb12u1'},
  {'release': '12.0', 'prefix': 'node-babel7-runtime', 'reference': '7.20.15+ds1+~cs214.269.168-3+deb12u1'},
  {'release': '12.0', 'prefix': 'node-babel7-standalone', 'reference': '7.20.15+ds1+~cs214.269.168-3+deb12u1'}
];

# flag counts the table entries for which deb_check() returned a true value.
var flag = 0;

foreach package_array ( pkgs )
{
  var rel = package_array['release'];
  var pkg_prefix = package_array['prefix'];
  var fixed_version = package_array['reference'];

  # Treat a missing or empty field as NULL so the entry is skipped below.
  if (empty_or_null(rel)) rel = NULL;
  if (empty_or_null(pkg_prefix)) pkg_prefix = NULL;
  if (empty_or_null(fixed_version)) fixed_version = NULL;

  # An entry is only checked when all three fields are usable.
  if (!(rel && pkg_prefix && fixed_version)) continue;

  if (deb_check(release:rel, prefix:pkg_prefix, reference:fixed_version)) flag++;
}
# Outcome. With no hit, the script audits out: "not affected" when
# deb_pkg_tests_get() returns something, "not installed" otherwise. With at
# least one hit, a finding is raised on port 0 and the text from
# deb_report_get() is attached.
# The result comes from comparing installed package versions against the
# table of reference versions; the vulnerable code path itself is not exercised.
if (!flag)
{
  var tested = deb_pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, 'node-babel7 / node-babel7-debug / node-babel7-runtime / etc');
  }
}
else
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : deb_report_get()
  );
  exit(0);
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45133
bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053880
packages.debian.org/source/bookworm/node-babel7
packages.debian.org/source/bullseye/node-babel7
security-tracker.debian.org/tracker/CVE-2023-45133
security-tracker.debian.org/tracker/source-package/node-babel7
www.debian.org/security/2023/dsa-5528