CVE-2023-32002
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 21, 2023
Updated: Sep 15, 2023
Summary
CVE-2023-32002 is a vulnerability affecting Node.js users who have the experimental policy mechanism enabled in the active release lines 16.x, 18.x, and 20.x. The issue lies in the `Module._load()` function, which can be used to bypass the policy mechanism and require modules outside the scope defined in policy.json. This poses a security risk because the policy mechanism is intended to restrict module use to a specific set. At the time of this CVE, the policy feature was experimental in Node.js.
Affected Products
- Nodejs Node.js
Affected Vendors
- Nodejs