BIT-node-2023-30581

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2023-30581.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-node-2023-30581

Aliases

CVE-2023-30581

Published

2024-03-06T11:01:38.980Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

The use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js

References

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

Affected packages

Bitnami / node

Package

Name: node
Purl: pkg:bitnami/node

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

16.0.0

Fixed

16.20.1

Introduced

18.0.0

Fixed

18.16.1

Introduced

20.0.0

Fixed

20.3.1