CVE-2023-32006

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-693
View all →

Vulnerability Description

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

Related Vulnerabilities

CVE-2017-10952

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932017

CVE-2018-1170

HIGH
CVSS:8.8(High)

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authent...

CWE-6932018

CVE-2018-14280

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932018

CVE-2018-14281

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932018

CVE-2019-13516

HIGH
CVSS:8.8(High)

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

CWE-6932019

CVE-2021-31982

HIGH
CVSS:8.8(High)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932021