CVE-2023-30581
CVSS v3.1
7.5 (High)
EPSS
0.05 % (23th)
Affected Products
1
Advisories
26
The use of proto in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.
Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- HackerOne
- Published Date
-
2023-11-23 00:15:07
(10 months ago) - Updated Date
-
2023-12-11 20:49:02
(9 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...