REDHAT-BUG-2219824
First published: Wed Jul 05 2023(Updated: )
The use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition. References: <a href="https://nodejs.org/en/blog/vulnerability/june-2023-security-releases">https://nodejs.org/en/blog/vulnerability/june-2023-security-releases</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Node.js |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2219828
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2219826
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2219825
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2219827
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220686
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2220685
- https://github.com/nodejs/node/commit/daaa43ed967626b997439f3c708aae0925f8d85a
- https://access.redhat.com/errata/RHSA-2023:4331
- https://access.redhat.com/errata/RHSA-2023:4330
- https://access.redhat.com/errata/RHSA-2023:4536
- https://access.redhat.com/errata/RHSA-2023:4537
- https://access.redhat.com/security/cve/cve-2023-30581
- https://access.redhat.com/errata/RHSA-2023:5361
- https://access.redhat.com/errata/RHSA-2023:5533
- https://bugzilla.redhat.com/show_bug.cgi?id=2219824
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-30581
- agent/source
- agent/description
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/node.js
- canonical/node.js