Test ID:	1.3.6.1.4.1.25623.1.0.170537
Category:	General
Title:	Node.js 16.x < 16.20.2, 18.x < 18.17.1, 20.x < 20.5.1 Multiple Vulnerabilities - Windows
Summary:	Node.js is prone to multiple vulnerabilities.
Description:	Summary: Node.js is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2023-32002: Permissions policies can be bypassed via Module._load - CVE-2023-32006: Permissions policies can impersonate other modules in using module.constructor.createRequire() - CVE-2023-32559: Permissions policies can be bypassed via process.binding - CVE-2023-2975, CVE-2023-3446, CVE-2023-3817: OpenSSL security updates Affected Software/OS: Node.js version 16.x through 16.20.1, 18.x through 18.17.0 and 20.x through 20.5.0. Solution: Update to version 16.20.2, 18.17.1, 20.5.1 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-32002 https://hackerone.com/reports/1960870 Common Vulnerability Exposure (CVE) ID: CVE-2023-32006 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/ https://hackerone.com/reports/2043807 Common Vulnerability Exposure (CVE) ID: CVE-2023-32559 https://hackerone.com/reports/1946470 Common Vulnerability Exposure (CVE) ID: CVE-2023-2975 https://security.gentoo.org/glsa/202402-08 3.0.10 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598 3.1.2 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc OpenSSL Advisory https://www.openssl.org/news/secadv/20230714.txt http://www.openwall.com/lists/oss-security/2023/07/15/1 http://www.openwall.com/lists/oss-security/2023/07/19/5 Common Vulnerability Exposure (CVE) ID: CVE-2023-3446 1.0.2zi patch (premium) https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c 1.1.1v git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23 https://www.openssl.org/news/secadv/20230719.txt https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html http://www.openwall.com/lists/oss-security/2023/07/19/4 http://www.openwall.com/lists/oss-security/2023/07/19/6 http://www.openwall.com/lists/oss-security/2023/07/31/1 http://www.openwall.com/lists/oss-security/2024/05/16/1 Common Vulnerability Exposure (CVE) ID: CVE-2023-3817 http://seclists.org/fulldisclosure/2023/Jul/43 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5 https://www.openssl.org/news/secadv/20230731.txt http://www.openwall.com/lists/oss-security/2023/09/22/11 http://www.openwall.com/lists/oss-security/2023/09/22/9 http://www.openwall.com/lists/oss-security/2023/11/06/2
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.