RHSA-2023:5360HighCVSS 8.8
Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update
🔗 CVE IDs covered (4)
📋 Description
CVE-2022-25883 — nodejs-semver: Regular expression denial of service CVE-2023-32002 — nodejs: Permissions policies can be bypassed via Module._load CVE-2023-32006 — nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() CVE-2023-32559 — nodejs: Permissions policies can be bypassed via process.binding
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2023:5360
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2216475
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230948
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230955
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230956
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2233891
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237394
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5360.json