What is the severity of REDHAT-BUG-2230948?

The severity of REDHAT-BUG-2230948 is considered high due to the ability to bypass security policies.

How do I fix REDHAT-BUG-2230948?

To fix REDHAT-BUG-2230948, update Node.js to the latest stable version where this vulnerability is addressed.

Which versions of Node.js are affected by REDHAT-BUG-2230948?

Node.js versions 16.x, 18.x, and 20.x are affected by REDHAT-BUG-2230948.

Is the policy mechanism relevant to REDHAT-BUG-2230948?

Yes, the policy mechanism is relevant as the vulnerability allows bypassing it when using Module._load().

What can be exploited in REDHAT-BUG-2230948?

In REDHAT-BUG-2230948, the exploit allows requiring modules outside of the defined policy.json, potentially compromising application security.

Vulnerability/
REDHAT-BUG-2230948

high

10/8/2023

1/2/2024

REDHAT-BUG-2230948

First published: Thu Aug 10 2023(Updated: )

The use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Security Advisory: <a href="https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002">https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002</a>

Affected Software	Affected Version	How to fix
Node.js	>=16.x>=18.x>=20.x

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2230948?
The severity of REDHAT-BUG-2230948 is considered high due to the ability to bypass security policies.
How do I fix REDHAT-BUG-2230948?
To fix REDHAT-BUG-2230948, update Node.js to the latest stable version where this vulnerability is addressed.
Which versions of Node.js are affected by REDHAT-BUG-2230948?
Node.js versions 16.x, 18.x, and 20.x are affected by REDHAT-BUG-2230948.
Is the policy mechanism relevant to REDHAT-BUG-2230948?
Yes, the policy mechanism is relevant as the vulnerability allows bypassing it when using Module._load().
What can be exploited in REDHAT-BUG-2230948?
In REDHAT-BUG-2230948, the exploit allows requiring modules outside of the defined policy.json, potentially compromising application security.

agent/references
agent/type
agent/first-publish-date
agent/severity
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-32002
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/node.js
canonical/node.js

Frequently Asked Questions

What is the severity of REDHAT-BUG-2230948?
The severity of REDHAT-BUG-2230948 is considered high due to the ability to bypass security policies.
How do I fix REDHAT-BUG-2230948?
To fix REDHAT-BUG-2230948, update Node.js to the latest stable version where this vulnerability is addressed.
Which versions of Node.js are affected by REDHAT-BUG-2230948?
Node.js versions 16.x, 18.x, and 20.x are affected by REDHAT-BUG-2230948.
Is the policy mechanism relevant to REDHAT-BUG-2230948?
Yes, the policy mechanism is relevant as the vulnerability allows bypassing it when using Module._load().
What can be exploited in REDHAT-BUG-2230948?
In REDHAT-BUG-2230948, the exploit allows requiring modules outside of the defined policy.json, potentially compromising application security.

REDHAT-BUG-2230948

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2230948?

How do I fix REDHAT-BUG-2230948?

Which versions of Node.js are affected by REDHAT-BUG-2230948?

Is the policy mechanism relevant to REDHAT-BUG-2230948?

What can be exploited in REDHAT-BUG-2230948?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of REDHAT-BUG-2230948?

How do I fix REDHAT-BUG-2230948?

Which versions of Node.js are affected by REDHAT-BUG-2230948?

Is the policy mechanism relevant to REDHAT-BUG-2230948?

What can be exploited in REDHAT-BUG-2230948?