Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Mondoo Vulnerability Intelligence
Search vulnerabilities and malicious packages across npm, PyPI, Go, GitHub Actions, VS Code, and more.
Search vulnerabilities and malicious packages across npm, PyPI, Go, GitHub Actions, VS Code, and more.
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16). (BZ#2233891)
Security Fix(es):
nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)
nodejs-semver: Regular expression denial of service (CVE-2022-25883)
nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006)
nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
0:3.0.1-1.module+el8.10.0+1824+532140ee0:3.0.1-1.module+el8.10.0+1988+437f3d230:3.0.1-1.module+el8.10.0+1989+e60144d90:3.0.1-1.module+el8.9.0+1760+903d54b90:26-1.module+el8.9.0+1760+903d54b9Exploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H