USN-6822-1

It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)

References

Affected packages

Ubuntu:22.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.9~dfsg-1ubuntu3.6

Affected versions

12.*

12.22.5~dfsg-5ubuntu1

12.22.7~dfsg-2ubuntu1

12.22.7~dfsg-2ubuntu3

12.22.9~dfsg-1ubuntu2

12.22.9~dfsg-1ubuntu3

12.22.9~dfsg-1ubuntu3.1

12.22.9~dfsg-1ubuntu3.2

12.22.9~dfsg-1ubuntu3.3

12.22.9~dfsg-1ubuntu3.4

12.22.9~dfsg-1ubuntu3.5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libnode-dev",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        },
        {
            "binary_name": "libnode72",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        },
        {
            "binary_name": "libnode72-dbgsym",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        },
        {
            "binary_name": "nodejs",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        },
        {
            "binary_name": "nodejs-dbgsym",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        },
        {
            "binary_name": "nodejs-doc",
            "binary_version": "12.22.9~dfsg-1ubuntu3.6"
        }
    ]
}