Wind River Support Network

HomeDefectsLIN1023-1652
Fixed

LIN1023-1652 : Security Advisory - nodejs - CVE-2023-32006

Created: Aug 9, 2023    Updated: Sep 18, 2023
Resolved Date: Sep 12, 2023
Found In Version: 10.23.30.1
Fix Version: 10.23.30.2
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.

This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.

Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

https://nvd.nist.gov/vuln/detail/CVE-2023-32006

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube