跳转到帖子

Oracle Linux: CVE-2023-23918: ELSA-2023-1582: nodejs:16 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Oracle Linux: CVE-2023-23918: ELSA-2023-1582:nodejs:16 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
02/16/2023
Created
05/05/2023
Added
04/05/2023
Modified
01/08/2025

Description

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.

Solution(s)

  • oracle-linux-upgrade-nodejs
  • oracle-linux-upgrade-nodejs-devel
  • oracle-linux-upgrade-nodejs-docs
  • oracle-linux-upgrade-nodejs-full-i18n
  • oracle-linux-upgrade-nodejs-libs
  • oracle-linux-upgrade-nodejs-nodemon
  • oracle-linux-upgrade-nodejs-packaging
  • oracle-linux-upgrade-nodejs-packaging-bundler
  • oracle-linux-upgrade-npm

References

  • https://attackerkb.com/topics/cve-2023-23918
  • CVE - 2023-23918
  • ELSA-2023-1582
  • ELSA-2023-2654
  • ELSA-2023-2655
  • ELSA-2023-1583
  • ELSA-2023-1743
  • 引用
  • Mention
    • 查看数 694
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表