Security policy bypass vulnerability in Node.js - CVE-2023-32002ID: oval:org.secpod.oval:def:92932 | Date: (C)2023-09-08 (M)2024-02-19 |
Class: VULNERABILITY | Family: windows |
The host is installed with Node.js 16.0.x before 16.20.2, 18.0.x before 18.17.1, or 20.0.x before 20.5.1 and is prone to a security policy bypass vulnerability. A flaw is present in the application which fails to handle issues in the experimental policy mechanism in all active release lines. Successful exploitation allows attackers to bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
Platform: |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 7 |
Microsoft Windows 10 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |