UBUNTU-CVE-2023-45133
- Source
- https://ubuntu.com/security/CVE-2023-45133
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-45133.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-45133
- Upstream
- Published
- 2023-10-12T17:15:00Z
- Modified
- 2025-09-08T16:56:32Z
- Severity
-
- 9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Babel is a compiler for writingJavaScript. In
@babel/traverseprior to versions 7.23.2 and 8.0.0-alpha.4 and all versions ofbabel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on thepath.evaluate()orpath.evaluateTruthy()internal Babel methods. Known affected plugins are@babel/plugin-transform-runtime;@babel/preset-envwhen using itsuseBuiltInsoption; and any "polyfill provider" plugin that depends on@babel/helper-define-polyfill-provider, such asbabel-plugin-polyfill-corejs3,babel-plugin-polyfill-corejs2,babel-plugin-polyfill-es-shims,babel-plugin-polyfill-regenerator. No other plugins under the@babel/namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in@babel/traverse@7.23.2and@babel/traverse@8.0.0-alpha.4. Those who cannot upgrade@babel/traverseand are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected@babel/traverseversions:@babel/plugin-transform-runtimev7.23.2,@babel/preset-envv7.23.2,@babel/helper-define-polyfill-providerv0.4.3,babel-plugin-polyfill-corejs2v0.4.6,babel-plugin-polyfill-corejs3v0.8.5,babel-plugin-polyfill-es-shimsv0.10.0,babel-plugin-polyfill-regeneratorv0.5.3. - References
-
- https://ubuntu.com/security/CVE-2023-45133
- https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
- https://github.com/babel/babel/pull/16033
- https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4
- https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
- https://github.com/babel/babel/releases/tag/v7.23.2
- https://www.debian.org/security/2023/dsa-5528
- https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html
- https://www.cve.org/CVERecord?id=CVE-2023-45133
Affected packages
Ubuntu:Pro:18.04:LTS / node-babel
Package
- Name
- node-babel
- Purl
- pkg:deb/ubuntu/node-babel@6.26.0+dfsg-3build6?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "node-babel-cli",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-code-frame",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-core",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-generator",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-bindify-decorators",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-builder-binary-assignment-operator-visitor",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-builder-react-jsx",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-call-delegate",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-define-map",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-explode-assignable-expression",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-explode-class",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-function-name",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-get-function-arity",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-hoist-variables",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-optimise-call-expression",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-regex",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-remap-async-to-generator",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helper-replace-supers",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-helpers",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-messages",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-external-helpers",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-async-functions",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-async-generators",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-class-constructor-call",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-class-properties",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-decorators",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-do-expressions",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-dynamic-import",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-exponentiation-operator",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-export-extensions",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-flow",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-function-bind",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-jsx",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-object-rest-spread",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-syntax-trailing-function-commas",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-async-generator-functions",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-async-to-generator",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-class-constructor-call",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-class-properties",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-decorators",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-do-expressions",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-es3-member-expression-literals",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-es3-property-literals",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-exponentiation-operator",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-export-extensions",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-flow-strip-types",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-function-bind",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-jscript",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-object-rest-spread",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-proto-to-assign",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-react-display-name",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-react-jsx",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-react-jsx-self",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-react-jsx-source",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-regenerator",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-runtime",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-plugin-transform-strict-mode",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-polyfill",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-es2015",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-es2016",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-es2017",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-flow",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-latest",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-react",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-stage-0",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-stage-1",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-stage-2",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-preset-stage-3",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-register",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-runtime",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-template",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-traverse",
"binary_version": "6.26.0+dfsg-3build6"
},
{
"binary_name": "node-babel-types",
"binary_version": "6.26.0+dfsg-3build6"
}
]
}
Ubuntu:Pro:20.04:LTS / node-babel
Package
- Name
- node-babel
- Purl
- pkg:deb/ubuntu/node-babel@6.26.0+repack-3?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "node-babel-cli",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-code-frame",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-core",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-generator",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-bindify-decorators",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-builder-binary-assignment-operator-visitor",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-builder-react-jsx",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-call-delegate",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-define-map",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-explode-assignable-expression",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-explode-class",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-function-name",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-get-function-arity",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-hoist-variables",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-optimise-call-expression",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-regex",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-remap-async-to-generator",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helper-replace-supers",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-helpers",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-messages",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-external-helpers",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-async-functions",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-async-generators",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-class-constructor-call",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-class-properties",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-decorators",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-do-expressions",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-dynamic-import",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-exponentiation-operator",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-export-extensions",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-flow",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-function-bind",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-jsx",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-object-rest-spread",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-syntax-trailing-function-commas",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-async-generator-functions",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-async-to-generator",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-class-constructor-call",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-class-properties",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-decorators",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-do-expressions",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-es3-member-expression-literals",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-es3-property-literals",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-exponentiation-operator",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-export-extensions",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-flow-strip-types",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-function-bind",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-jscript",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-object-rest-spread",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-proto-to-assign",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-react-display-name",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-react-jsx",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-react-jsx-self",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-react-jsx-source",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-regenerator",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-runtime",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-plugin-transform-strict-mode",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-polyfill",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-es2015",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-es2016",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-es2017",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-flow",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-latest",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-react",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-stage-0",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-stage-1",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-stage-2",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-preset-stage-3",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-register",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-runtime",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-template",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-traverse",
"binary_version": "6.26.0+repack-3"
},
{
"binary_name": "node-babel-types",
"binary_version": "6.26.0+repack-3"
}
]
}
Ubuntu:22.04:LTS / node-babel7
Package
- Name
- node-babel7
- Purl
- pkg:deb/ubuntu/node-babel7@7.12.12+~cs150.141.84-8?arch=source&distro=jammy
Ubuntu:24.04:LTS / node-babel7
Package
- Name
- node-babel7
- Purl
- pkg:deb/ubuntu/node-babel7@7.20.15+ds1+~cs214.269.168-6build1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.20.15+ds1+~cs214.269.168-4
7.20.15+ds1+~cs214.269.168-5
7.20.15+ds1+~cs214.269.168-6
7.20.15+ds1+~cs214.269.168-6build1
Ecosystem specific
{
"binaries": [
{
"binary_name": "node-babel7",
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1"
},
{
"binary_name": "node-babel7-debug",
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1"
},
{
"binary_name": "node-babel7-runtime",
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1"
},
{
"binary_name": "node-babel7-standalone",
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1"
}
]
}