Main Vulnerability Database Vulnerabilities #VU77586

#VU77586 Permissions, Privileges, and Access Controls in Node.js - CVE-2023-30581

Published: June 21, 2023

Vulnerability identifier: #VU77586

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-30581

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Node.js

Software vendor:
Node.js Foundation

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the use of proto in process.mainModule.proto.require(). This allows to bypass the policy mechanism and require modules outside of the policy.json definition.

Remediation

Install updates from vendor's website.

External links

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

#VU77586 Permissions, Privileges, and Access Controls in Node.js - CVE-2023-30581

Description

Remediation

External links

Please verify you're human