First published: Mon Jun 10 2024
It was discovered that Node.js incorrectly handled certain inputs when using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)

It was discovered that Node.js incorrectly handled certain inputs when using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation. (CVE-2023-32559)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/libnode108 | <18.13.0+dfsg1-1ubuntu2.3 | 18.13.0+dfsg1-1ubuntu2.3 |
Ubuntu | =23.10 | |
All of | | |
ubuntu/nodejs | <18.13.0+dfsg1-1ubuntu2.3 | 18.13.0+dfsg1-1ubuntu2.3 |
Ubuntu | =23.10 | |
All of | | |
ubuntu/libnode72 | <12.22.9~dfsg-1ubuntu3.6 | 12.22.9~dfsg-1ubuntu3.6 |
Ubuntu | =22.04 | |
All of | | |
ubuntu/nodejs | <12.22.9~dfsg-1ubuntu3.6 | 12.22.9~dfsg-1ubuntu3.6 |
Ubuntu | =22.04 | |
The severity of USN-6822-1 is high, as it allows attackers to potentially bypass security policies.
To fix USN-6822-1, upgrade the affected packages to the recommended versions provided in the advisory.
USN-6822-1 impacts Ubuntu 22.04 and 23.10 systems using specific versions of Node.js and libnode.
USN-6822-1 is not a remote code execution vulnerability; it primarily involves bypassing policy mechanisms.
The affected packages in USN-6822-1 include nodejs and libnode for specific versions on Ubuntu.