The host is installed with Node.js 16.0.x before 16.20.2, 18.0.x before 18.17.1, or 20.0.x before 20.5.1 and is prone to a security policy bypass vulnerability. A flaw is present in the application which fails to handle issues in the experimental policy mechanism in all active release lines. Successful exploitation allows attackers to bypass the policy mechanism and require modules outside of the policy.json definition for a given module.