CVE-2023-30581

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-30581
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30581.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-30581
Aliases
Related
Published
2023-11-23T00:15:07Z
Modified
2024-06-06T14:23:22.017115Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20.

Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events

Affected versions

v20.*

v20.0.0
v20.1.0
v20.2.0
v20.3.0