CVE-2023-23918

Details

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.

Affected Packages

Windows:10240Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:14393Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:17763Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:18362Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:18363Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:19041Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:19042Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:19043Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:19044Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:19045Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:20348Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:22000Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:22621Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:22631Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:25398Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:26100Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

Windows:26200Node.js

Fixed in:

14.21.316.19.118.14.119.6.1

References

WEBhttps://nodejs.org/en/blog/vulnerability/february-2023-security-releases/WEBhttps://security.netapp.com/advisory/ntap-20230316-0008/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2023-23918

CVE-2023-23918

Details

Affected Packages

References

CVSS Analysis

Ecosystems

Timeline