CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-32002

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.8%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2023-32002

Nodejs » Node.js » Version: 16.0.0

cpe:2.3:a:nodejs:node.js:16.0.0
Nodejs » Node.js » Version: 16.1.0

cpe:2.3:a:nodejs:node.js:16.1.0
Nodejs » Node.js » Version: 16.10.0

cpe:2.3:a:nodejs:node.js:16.10.0
Nodejs » Node.js » Version: 16.11.0

cpe:2.3:a:nodejs:node.js:16.11.0
Nodejs » Node.js » Version: 16.11.1

cpe:2.3:a:nodejs:node.js:16.11.1
Nodejs » Node.js » Version: 16.12.0

cpe:2.3:a:nodejs:node.js:16.12.0
Nodejs » Node.js » Version: 16.13.0

cpe:2.3:a:nodejs:node.js:16.13.0
Nodejs » Node.js » Version: 16.13.1

cpe:2.3:a:nodejs:node.js:16.13.1
Nodejs » Node.js » Version: 16.13.2

cpe:2.3:a:nodejs:node.js:16.13.2
Nodejs » Node.js » Version: 16.14.0

cpe:2.3:a:nodejs:node.js:16.14.0
Nodejs » Node.js » Version: 16.14.1

cpe:2.3:a:nodejs:node.js:16.14.1
Nodejs » Node.js » Version: 16.14.2

cpe:2.3:a:nodejs:node.js:16.14.2
Nodejs » Node.js » Version: 16.15.0

cpe:2.3:a:nodejs:node.js:16.15.0
Nodejs » Node.js » Version: 16.15.1

cpe:2.3:a:nodejs:node.js:16.15.1
Nodejs » Node.js » Version: 16.16.0

cpe:2.3:a:nodejs:node.js:16.16.0
Nodejs » Node.js » Version: 16.17.0

cpe:2.3:a:nodejs:node.js:16.17.0
Nodejs » Node.js » Version: 16.17.1

cpe:2.3:a:nodejs:node.js:16.17.1
Nodejs » Node.js » Version: 16.18.0

cpe:2.3:a:nodejs:node.js:16.18.0
Nodejs » Node.js » Version: 16.18.1

cpe:2.3:a:nodejs:node.js:16.18.1
Nodejs » Node.js » Version: 16.19.0

cpe:2.3:a:nodejs:node.js:16.19.0
Nodejs » Node.js » Version: 16.19.1

cpe:2.3:a:nodejs:node.js:16.19.1
Nodejs » Node.js » Version: 16.2.0

cpe:2.3:a:nodejs:node.js:16.2.0
Nodejs » Node.js » Version: 16.20.0

cpe:2.3:a:nodejs:node.js:16.20.0
Nodejs » Node.js » Version: 16.20.1

cpe:2.3:a:nodejs:node.js:16.20.1
Nodejs » Node.js » Version: 16.3.0

cpe:2.3:a:nodejs:node.js:16.3.0
Nodejs » Node.js » Version: 16.4.0

cpe:2.3:a:nodejs:node.js:16.4.0
Nodejs » Node.js » Version: 16.4.1

cpe:2.3:a:nodejs:node.js:16.4.1
Nodejs » Node.js » Version: 16.4.2

cpe:2.3:a:nodejs:node.js:16.4.2
Nodejs » Node.js » Version: 16.5.0

cpe:2.3:a:nodejs:node.js:16.5.0
Nodejs » Node.js » Version: 16.6.0

cpe:2.3:a:nodejs:node.js:16.6.0
Nodejs » Node.js » Version: 16.6.1

cpe:2.3:a:nodejs:node.js:16.6.1
Nodejs » Node.js » Version: 16.6.2

cpe:2.3:a:nodejs:node.js:16.6.2
Nodejs » Node.js » Version: 16.7.0

cpe:2.3:a:nodejs:node.js:16.7.0
Nodejs » Node.js » Version: 16.8.0

cpe:2.3:a:nodejs:node.js:16.8.0
Nodejs » Node.js » Version: 16.9.0

cpe:2.3:a:nodejs:node.js:16.9.0
Nodejs » Node.js » Version: 16.9.1

cpe:2.3:a:nodejs:node.js:16.9.1
Nodejs » Node.js » Version: 18.0.0

cpe:2.3:a:nodejs:node.js:18.0.0
Nodejs » Node.js » Version: 18.0.1

cpe:2.3:a:nodejs:node.js:18.0.1
Nodejs » Node.js » Version: 18.0.2

cpe:2.3:a:nodejs:node.js:18.0.2
Nodejs » Node.js » Version: 18.0.3

cpe:2.3:a:nodejs:node.js:18.0.3
Nodejs » Node.js » Version: 18.0.4

cpe:2.3:a:nodejs:node.js:18.0.4
Nodejs » Node.js » Version: 18.0.5

cpe:2.3:a:nodejs:node.js:18.0.5
Nodejs » Node.js » Version: 18.0.6

cpe:2.3:a:nodejs:node.js:18.0.6
Nodejs » Node.js » Version: 18.1.0

cpe:2.3:a:nodejs:node.js:18.1.0
Nodejs » Node.js » Version: 18.10.0

cpe:2.3:a:nodejs:node.js:18.10.0
Nodejs » Node.js » Version: 18.11.0

cpe:2.3:a:nodejs:node.js:18.11.0
Nodejs » Node.js » Version: 18.12.0

cpe:2.3:a:nodejs:node.js:18.12.0
Nodejs » Node.js » Version: 18.12.1

cpe:2.3:a:nodejs:node.js:18.12.1
Nodejs » Node.js » Version: 18.13.0

cpe:2.3:a:nodejs:node.js:18.13.0
Nodejs » Node.js » Version: 18.14.0

cpe:2.3:a:nodejs:node.js:18.14.0
Nodejs » Node.js » Version: 18.14.1

cpe:2.3:a:nodejs:node.js:18.14.1
Nodejs » Node.js » Version: 18.14.2

cpe:2.3:a:nodejs:node.js:18.14.2
Nodejs » Node.js » Version: 18.15.0

cpe:2.3:a:nodejs:node.js:18.15.0
Nodejs » Node.js » Version: 18.16.0

cpe:2.3:a:nodejs:node.js:18.16.0
Nodejs » Node.js » Version: 18.16.1

cpe:2.3:a:nodejs:node.js:18.16.1
Nodejs » Node.js » Version: 18.17.0

cpe:2.3:a:nodejs:node.js:18.17.0
Nodejs » Node.js » Version: 18.2.0

cpe:2.3:a:nodejs:node.js:18.2.0
Nodejs » Node.js » Version: 18.3.0

cpe:2.3:a:nodejs:node.js:18.3.0
Nodejs » Node.js » Version: 18.4.0

cpe:2.3:a:nodejs:node.js:18.4.0
Nodejs » Node.js » Version: 18.5.0

cpe:2.3:a:nodejs:node.js:18.5.0
Nodejs » Node.js » Version: 18.6.0

cpe:2.3:a:nodejs:node.js:18.6.0
Nodejs » Node.js » Version: 18.7.0

cpe:2.3:a:nodejs:node.js:18.7.0
Nodejs » Node.js » Version: 18.8.0

cpe:2.3:a:nodejs:node.js:18.8.0
Nodejs » Node.js » Version: 18.9.0

cpe:2.3:a:nodejs:node.js:18.9.0
Nodejs » Node.js » Version: 18.9.1

cpe:2.3:a:nodejs:node.js:18.9.1
Nodejs » Node.js » Version: 20.0.0

cpe:2.3:a:nodejs:node.js:20.0.0
Nodejs » Node.js » Version: 20.1.0

cpe:2.3:a:nodejs:node.js:20.1.0
Nodejs » Node.js » Version: 20.2.0

cpe:2.3:a:nodejs:node.js:20.2.0
Nodejs » Node.js » Version: 20.3.0

cpe:2.3:a:nodejs:node.js:20.3.0
Nodejs » Node.js » Version: 20.3.1

cpe:2.3:a:nodejs:node.js:20.3.1
Nodejs » Node.js » Version: 20.4.0

cpe:2.3:a:nodejs:node.js:20.4.0
Nodejs » Node.js » Version: 20.5.0

cpe:2.3:a:nodejs:node.js:20.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-32002

Products

Pricing

Contact Us