Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

PRIOn knowledge basePRION:CVE-2023-32002

HistoryAug 21, 2023 - 5:15 p.m.

Vulners
/
Prion
/
Code injection

Code injection

2023-08-2117:15:00

PRIOn knowledge base

www.prio-n.com

module._load bypass

policy mechanism

require modules

experimental feature

node.js

cve

nvd

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

The use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.

This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.

Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CPENameOperatorVersion
node.jsge20.0.0
node.jsle20.5.0
node.jsge18.0.0
node.jsle18.17.0
node.jsge16.0.0
node.jsle16.20.1

Name	Operator	Version
node.js	ge	20.0.0
node.js	le	20.5.0
node.js	ge	18.0.0
node.js	le	18.17.0
node.js	ge	16.0.0
node.js	le	16.20.1

References

hackerone.com/reports/1960870

security.netapp.com/advisory/ntap-20230915-0009/

osv 10

cgr 1

alpinelinux 1

ibm 17

veracode 1

ubuntucve 1

cve 1

redhatcve 1

nvd 1

debiancve 1

cbl_mariner 2

hackerone 2

cvelist 1

wolfi 1

mageia 1

nessus 32

rocky 2

openvas 18

ubuntu 1

almalinux 4

oraclelinux 4

redhat 6

photon 2

fedora 6

nodejsblog 1

f5 1

debian 1

gentoo 1

ics 1

oracle 1

osv

CVE-2023-32002

2023-08-21 17:15:47

BIT-node-2023-32002

2024-03-06 11:00:35

nodejs vulnerabilities

2024-06-10 08:42:42

cgr

CVE-2023-32002 vulnerabilities

2024-05-19 03:07:16

alpinelinux

CVE-2023-32002

2023-08-21 17:15:47

ibm

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)

2023-11-29 22:26:37

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

2023-10-26 11:23:21

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2024-02-05 15:16:41

veracode

Type Confusion

2023-08-23 17:05:15

ubuntucve

CVE-2023-32002

2023-08-21 00:00:00

cve

CVE-2023-32002

2023-08-21 17:15:47

redhatcve

CVE-2023-32002

2023-08-22 07:19:21

nvd

CVE-2023-32002

2023-08-21 17:15:47

debiancve

CVE-2023-32002

2023-08-21 17:15:47

cbl_mariner

CVE-2023-32002 affecting package nodejs for versions less than 16.20.2-2

2023-09-27 18:02:50

CVE-2023-32002 affecting package nodejs18 for versions less than 18.17.1-2

2023-09-27 18:02:50

hackerone

Node.js: Permissions policies can be bypassed via Module._load.

2023-04-25 05:15:56

Internet Bug Bounty: Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587)

2023-09-30 19:26:08

cvelist

CVE-2023-32002

2023-08-21 16:52:42

wolfi

CVE-2023-32002 vulnerabilities

2024-07-05 21:08:40

mageia

Updated nodejs packages fix security vulnerability

2023-09-25 01:16:18

nessus

Oracle Linux 9 : nodejs (ELSA-2023-5532)

2023-10-10 00:00:00

Ubuntu 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6822-1)

2024-06-10 00:00:00

Rocky Linux 9 : nodejs (RLSA-2023:5532)

2023-10-14 00:00:00

rocky

nodejs security and bug fix update

2023-10-14 02:08:35

nodejs:18 security, bug fix, and enhancement update

2023-10-05 21:35:58

openvas

Ubuntu: Security Advisory (USN-6822-1)

2024-06-11 00:00:00

Mageia: Security Advisory (MGASA-2023-0264)

2023-09-25 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:3400-1)

2023-08-24 00:00:00

ubuntu

Node.js vulnerabilities

2024-06-10 00:00:00

almalinux

Important: nodejs security and bug fix update

2023-10-09 00:00:00

Important: nodejs:18 security, bug fix, and enhancement update

2023-09-26 00:00:00

Important: nodejs:18 security, bug fix, and enhancement update

2023-09-26 00:00:00

oraclelinux

nodejs security and bug fix update

2023-10-10 00:00:00

nodejs:16 security, bug fix, and enhancement update

2023-09-28 00:00:00

nodejs:18 security, bug fix, and enhancement update

2023-09-28 00:00:00

redhat

(RHSA-2023:5532) Important: nodejs security and bug fix update

2023-10-09 09:46:53

(RHSA-2023:5362) Important: nodejs:18 security, bug fix, and enhancement update

2023-09-26 14:27:17

(RHSA-2023:5363) Important: nodejs:18 security, bug fix, and enhancement update

2023-09-26 14:27:56

photon

Critical Photon OS Security Update - PHSA-2023-5.0-0082

2023-08-29 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0642

2023-09-01 00:00:00

fedora

[SECURITY] Fedora 37 Update: nodejs20-20.5.1-1.fc37

2023-08-19 00:48:29

[SECURITY] Fedora 37 Update: nodejs16-16.20.2-1.fc37

2023-08-19 00:48:28

[SECURITY] Fedora 37 Update: nodejs18-18.17.1-1.fc37

2023-08-19 00:48:28

nodejsblog

Wednesday August 9th 2023 Security Releases

2023-08-09 00:00:00

K000135997 : Multiple Node.js vulnerabilities

2023-08-28 00:00:00

debian

[SECURITY] [DSA 5589-1] nodejs security update

2023-12-27 22:12:40

gentoo

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for PRION:CVE-2023-32002