[ALPINE:CVE-2023-38552] nodejs-current, nodejs vulnerability
Severity
High
Fixed Packages
67
CVEs
1
[From CVE-2023-38552] When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check.
Impacts:
This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.
Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.
- ID
- ALPINE:CVE-2023-38552
- Severity
- high
- Severity from
- CVE-2023-38552
- URL
- https://security.alpinelinux.org/vuln/CVE-2023-38552
- Published
-
2023-10-18T04:15:11
(11 months ago) - Modified
-
2023-10-18T04:15:11
(11 months ago) - Rights
- Alpine Linux Security Team
- Other Advisories
-
- ALSA-2023:5849
- ALSA-2023:5869
- ALSA-2023:7205
- DSA-5589-1
- ELSA-2023-5849
- ELSA-2023-5869
- ELSA-2023-7205
- FEDORA-2023-4d2fd884ea
- FEDORA-2023-7b52921cae
- FEDORA-2023-d5030c983c
- FEDORA-2023-dbe64661af
- FEDORA-2023-e9c04d81c1
- FEDORA-2023-f66fc0f62a
- RHSA-2023:5849
- RHSA-2023:5869
- RHSA-2023:7205
- SUSE-SU-2023:4132-1
- SUSE-SU-2023:4133-1
- SUSE-SU-2023:4150-1
- SUSE-SU-2023:4155-1
- SUSE-SU-2023:4207-1
- SUSE-SU-2023:4259-1
- SUSE-SU-2023:4373-1
- SUSE-SU-2023:4374-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:apk/alpine/nodejs?arch=x86_64&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | x86_64 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86_64&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86_64&distro=alpine-3.19 | alpine | nodejs | = 18.18.2-r0 | alpine-3.19 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86_64&distro=alpine-3.18 | alpine | nodejs | = 18.18.2-r0 | alpine-3.18 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86_64&distro=alpine-3.17 | alpine | nodejs | = 18.18.2-r0 | alpine-3.17 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | x86 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | x86 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86&distro=alpine-3.19 | alpine | nodejs | = 18.18.2-r0 | alpine-3.19 | x86 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86&distro=alpine-3.18 | alpine | nodejs | = 18.18.2-r0 | alpine-3.18 | x86 | |
Fixed | pkg:apk/alpine/nodejs?arch=x86&distro=alpine-3.17 | alpine | nodejs | = 18.18.2-r0 | alpine-3.17 | x86 | |
Fixed | pkg:apk/alpine/nodejs?arch=s390x&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | s390x | |
Fixed | pkg:apk/alpine/nodejs?arch=s390x&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | s390x | |
Fixed | pkg:apk/alpine/nodejs?arch=s390x&distro=alpine-3.19 | alpine | nodejs | = 18.18.2-r0 | alpine-3.19 | s390x | |
Fixed | pkg:apk/alpine/nodejs?arch=s390x&distro=alpine-3.18 | alpine | nodejs | = 18.18.2-r0 | alpine-3.18 | s390x | |
Fixed | pkg:apk/alpine/nodejs?arch=s390x&distro=alpine-3.17 | alpine | nodejs | = 18.18.2-r0 | alpine-3.17 | s390x | |
Fixed | pkg:apk/alpine/nodejs?arch=riscv64&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | riscv64 | |
Fixed | pkg:apk/alpine/nodejs?arch=riscv64&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | riscv64 | |
Fixed | pkg:apk/alpine/nodejs?arch=ppc64le&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | ppc64le | |
Fixed | pkg:apk/alpine/nodejs?arch=ppc64le&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs?arch=ppc64le&distro=alpine-3.19 | alpine | nodejs | = 18.18.2-r0 | alpine-3.19 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs?arch=ppc64le&distro=alpine-3.18 | alpine | nodejs | = 18.18.2-r0 | alpine-3.18 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs?arch=ppc64le&distro=alpine-3.17 | alpine | nodejs | = 18.18.2-r0 | alpine-3.17 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs?arch=armv7&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | armv7 | |
Fixed | pkg:apk/alpine/nodejs?arch=armv7&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | armv7 | |
Fixed | pkg:apk/alpine/nodejs?arch=armv7&distro=alpine-3.19 | alpine | nodejs | = 18.18.2-r0 | alpine-3.19 | armv7 | |
Fixed | pkg:apk/alpine/nodejs?arch=armv7&distro=alpine-3.18 | alpine | nodejs | = 18.18.2-r0 | alpine-3.18 | armv7 | |
Fixed | pkg:apk/alpine/nodejs?arch=armv7&distro=alpine-3.17 | alpine | nodejs | = 18.18.2-r0 | alpine-3.17 | armv7 | |
Fixed | pkg:apk/alpine/nodejs?arch=armhf&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | armhf | |
Fixed | pkg:apk/alpine/nodejs?arch=armhf&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | armhf | |
Fixed | pkg:apk/alpine/nodejs?arch=armhf&distro=alpine-3.19 | alpine | nodejs | = 18.18.2-r0 | alpine-3.19 | armhf | |
Fixed | pkg:apk/alpine/nodejs?arch=armhf&distro=alpine-3.18 | alpine | nodejs | = 18.18.2-r0 | alpine-3.18 | armhf | |
Fixed | pkg:apk/alpine/nodejs?arch=armhf&distro=alpine-3.17 | alpine | nodejs | = 18.18.2-r0 | alpine-3.17 | armhf | |
Fixed | pkg:apk/alpine/nodejs?arch=aarch64&distro=alpine-edge | alpine | nodejs | = 18.18.2-r0 | alpine-edge | aarch64 | |
Fixed | pkg:apk/alpine/nodejs?arch=aarch64&distro=alpine-3.20 | alpine | nodejs | = 18.18.2-r0 | alpine-3.20 | aarch64 | |
Fixed | pkg:apk/alpine/nodejs?arch=aarch64&distro=alpine-3.19 | alpine | nodejs | = 18.18.2-r0 | alpine-3.19 | aarch64 | |
Fixed | pkg:apk/alpine/nodejs?arch=aarch64&distro=alpine-3.18 | alpine | nodejs | = 18.18.2-r0 | alpine-3.18 | aarch64 | |
Fixed | pkg:apk/alpine/nodejs?arch=aarch64&distro=alpine-3.17 | alpine | nodejs | = 18.18.2-r0 | alpine-3.17 | aarch64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | x86_64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-3.19 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.19 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | x86 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | x86 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-3.19 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.19 | x86 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | x86 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | s390x | |
Fixed | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | s390x | |
Fixed | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-3.19 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.19 | s390x | |
Fixed | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | s390x | |
Fixed | pkg:apk/alpine/nodejs-current?arch=riscv64&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | riscv64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=riscv64&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | riscv64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | ppc64le | |
Fixed | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-3.19 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.19 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | armv7 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | armv7 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-3.19 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.19 | armv7 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | armv7 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | armhf | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | armhf | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-3.19 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.19 | armhf | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | armhf | |
Fixed | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | aarch64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-3.20 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.20 | aarch64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-3.19 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.19 | aarch64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |