DEBIAN-CVE-2023-32006
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-32006
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-32006.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-32006
- Upstream
- Published
- 2023-08-15T16:15:11Z
- Modified
- 2025-09-25T23:28:38.732968Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The use of
module.constructor.createRequire()can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. - References
Affected packages
Debian:11 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/debian/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
12.*
12.21.0~dfsg-5
12.22.4~dfsg-1
12.22.5~dfsg-1
12.22.5~dfsg-2~11u1
12.22.5~dfsg-2
12.22.5~dfsg-3
12.22.5~dfsg-4
12.22.5~dfsg-5
12.22.5~dfsg-6
12.22.5~dfsg-7
12.22.7~dfsg-1
12.22.7~dfsg-2
12.22.9~dfsg-1
12.22.10~dfsg-1
12.22.10~dfsg-2
12.22.12~dfsg-1~deb11u1
12.22.12~dfsg-1~deb11u2
12.22.12~dfsg-1~deb11u3
12.22.12~dfsg-1~deb11u4
12.22.12~dfsg-1~deb11u5
12.22.12~dfsg-1~deb11u6
12.22.12~dfsg-1~deb11u7
14.*
14.4.0~dfsg-1
14.4.0~dfsg-2
14.7.0~dfsg-1
14.8.0~dfsg-1
14.9.0~dfsg-1
14.11.0~dfsg-1
14.11.0~dfsg-2
14.12.0~dfsg-1
14.13.0~dfsg-1
14.16.0~dfsg-1
14.16.1~dfsg-1
14.17.0~dfsg-1
14.17.0~dfsg-2
16.*
16.11.1~dfsg-1
16.13.0~dfsg-1
16.13.0~dfsg-2
16.13.0~dfsg-3
16.13.0~dfsg-4
16.13.0~dfsg-5
16.13.2~dfsg-1
16.13.2~dfsg-2
16.13.2+really14.19.0~dfsg-1
16.13.2+really14.19.0~dfsg-2
16.13.2+really14.19.1~dfsg-1
16.13.2+really14.19.1~dfsg-2
16.13.2+really14.19.1~dfsg-3
16.13.2+really14.19.1~dfsg-4
16.13.2+really14.19.1~dfsg-5
16.13.2+really14.19.1~dfsg-6
16.14.2+dfsg-1
16.14.2+dfsg-2
16.14.2+dfsg-3
16.14.2+dfsg-4
16.14.2+dfsg-5
16.14.2+dfsg1-1
16.15.0+dfsg-1
16.15.1+dfsg-1
18.*
18.3.0+dfsg-1
18.4.0+dfsg-1
18.4.0+dfsg-2
18.6.0+dfsg-1
18.6.0+dfsg-2
18.6.0+dfsg-3
18.6.0+dfsg-4
18.6.0+dfsg-5
18.7.0+dfsg-1
18.7.0+dfsg-4
18.7.0+dfsg-5
18.8.0+dfsg-1
18.10.0+dfsg-1
18.10.0+dfsg-2
18.10.0+dfsg-3
18.10.0+dfsg-4
18.10.0+dfsg-5
18.10.0+dfsg-6
18.11.0+dfsg-1
18.11.0+dfsg-2
18.11.0+dfsg-3
18.11.0+dfsg-4
18.12.0+dfsg-1
18.12.1+dfsg-1
18.12.1+dfsg-2
18.12.1+dfsg-2+0.riscv64.1
18.13.0+dfsg-1
18.13.0+dfsg1-1
18.13.0+dfsg1-1.1
18.19.0+dfsg-1
18.19.0+dfsg-2
18.19.0+dfsg-3
18.19.0+dfsg-4
18.19.0+dfsg-5
18.19.0+dfsg-6~deb12u1
18.19.0+dfsg-6~deb12u2
18.19.0+dfsg-6
18.19.1+dfsg-1
18.19.1+dfsg-2
18.19.1+dfsg-3
18.19.1+dfsg-3.1
18.19.1+dfsg-4
18.19.1+dfsg-6
18.20.1+dfsg-1
18.20.1+dfsg-2
18.20.1+dfsg-3
18.20.1+dfsg-4
18.20.4+dfsg-1~deb12u1
20.*
20.10.0+dfsg-1
20.12.2+dfsg-1
20.13.0+dfsg-1
20.13.1+dfsg-1
20.13.1+dfsg-2
20.14.0+dfsg-1
20.14.0+dfsg-2
20.14.0+dfsg-3
20.15.0+dfsg-1
20.15.1+dfsg-1
20.16.0+dfsg-1
20.17.0+dfsg-1
20.17.0+dfsg-2
20.18.0+dfsg-1
20.18.0+dfsg-2
20.18.1+dfsg-1
20.18.1+dfsg-2
20.18.2+dfsg-1
20.18.2+dfsg-2
20.18.2+dfsg-3
20.18.2+dfsg-4
20.18.3+dfsg-1
20.19.0+dfsg-1
20.19.0+dfsg-2
20.19.0+dfsg1-1
20.19.2+dfsg-1
20.19.4+dfsg-1
22.*
22.12.0+dfsg-1
22.12.0+dfsg-2
22.12.0+dfsg-3
22.14.0+dfsg-1
22.18.0+dfsg-1
22.18.0+dfsg+~cs22.17.2-1
22.18.0+dfsg+~cs22.17.2-2
22.19.0+dfsg+~cs22.18.0-1
Debian:12 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/debian/nodejs?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed18.19.0+dfsg-6~deb12u1
Debian:13 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/debian/nodejs?arch=source
Debian:14 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:deb/debian/nodejs?arch=source