mickmick.net

Node.js Multiple Vulnerabilities

Release Date: 10 Aug 2023

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities have been identified in Node.js. A remote attacker can exploit these vulnerabilities to trigger remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure

---

System / Technologies affected

• Node.js versions prior to 16.20.2 (LTS)
• Node.js versions prior to 18.17.1 (LTS)
• Node.js versions prior to 20.5.1

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

• Update to Node.js version 16.20.2 (LTS)
• Update to Node.js version 18.17.1 (LTS)
• Update to Node.js version 20.5.1

---

Vulnerability Identifier

• CVE-2023-32002
• CVE-2023-32003
• CVE-2023-32004
• CVE-2023-32005
• CVE-2023-32006
• CVE-2023-32558
• CVE-2023-32559

---

Source

• nodejs

---

Related Link

• https://nodejs.org/en/blog/vulnerability/august-2023-security-releases/
• https://nodejs.org/en/blog/release/v20.5.1
• https://nodejs.org/en/blog/release/v18.17.1
• https://nodejs.org/en/blog/release/v16.20.2