UBUNTU-CVE-2023-45133
- Source
- https://ubuntu.com/security/CVE-2023-45133
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-45133.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-45133
- Upstream
- Published
- 2023-10-12T17:15:00Z
- Modified
- 2025-10-24T05:02:17Z
- Severity
-
- 9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Babel is a compiler for writingJavaScript. In
@babel/traverseprior to versions 7.23.2 and 8.0.0-alpha.4 and all versions ofbabel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on thepath.evaluate()orpath.evaluateTruthy()internal Babel methods. Known affected plugins are@babel/plugin-transform-runtime;@babel/preset-envwhen using itsuseBuiltInsoption; and any "polyfill provider" plugin that depends on@babel/helper-define-polyfill-provider, such asbabel-plugin-polyfill-corejs3,babel-plugin-polyfill-corejs2,babel-plugin-polyfill-es-shims,babel-plugin-polyfill-regenerator. No other plugins under the@babel/namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in@babel/traverse@7.23.2and@babel/traverse@8.0.0-alpha.4. Those who cannot upgrade@babel/traverseand are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected@babel/traverseversions:@babel/plugin-transform-runtimev7.23.2,@babel/preset-envv7.23.2,@babel/helper-define-polyfill-providerv0.4.3,babel-plugin-polyfill-corejs2v0.4.6,babel-plugin-polyfill-corejs3v0.8.5,babel-plugin-polyfill-es-shimsv0.10.0,babel-plugin-polyfill-regeneratorv0.5.3. - References
-
- https://ubuntu.com/security/CVE-2023-45133
- https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
- https://github.com/babel/babel/pull/16033
- https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4
- https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
- https://github.com/babel/babel/releases/tag/v7.23.2
- https://www.debian.org/security/2023/dsa-5528
- https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html
- https://www.cve.org/CVERecord?id=CVE-2023-45133
Affected packages
Ubuntu:18.04:LTS / node-babel
Package
- Name
- node-babel
- Purl
- pkg:deb/ubuntu/node-babel@6.26.0+dfsg-3build6?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-cli"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-code-frame"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-core"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-generator"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-bindify-decorators"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-builder-binary-assignment-operator-visitor"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-builder-react-jsx"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-call-delegate"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-define-map"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-explode-assignable-expression"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-explode-class"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-function-name"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-get-function-arity"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-hoist-variables"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-optimise-call-expression"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-regex"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-remap-async-to-generator"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helper-replace-supers"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-helpers"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-messages"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-external-helpers"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-async-functions"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-async-generators"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-class-constructor-call"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-class-properties"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-decorators"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-do-expressions"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-dynamic-import"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-exponentiation-operator"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-export-extensions"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-flow"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-function-bind"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-jsx"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-object-rest-spread"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-syntax-trailing-function-commas"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-async-generator-functions"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-async-to-generator"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-class-constructor-call"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-class-properties"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-decorators"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-do-expressions"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-es3-member-expression-literals"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-es3-property-literals"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-exponentiation-operator"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-export-extensions"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-flow-strip-types"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-function-bind"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-jscript"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-object-rest-spread"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-proto-to-assign"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-react-display-name"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-react-jsx"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-react-jsx-self"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-react-jsx-source"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-regenerator"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-runtime"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-plugin-transform-strict-mode"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-polyfill"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-es2015"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-es2016"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-es2017"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-flow"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-latest"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-react"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-stage-0"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-stage-1"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-stage-2"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-preset-stage-3"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-register"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-runtime"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-template"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-traverse"
},
{
"binary_version": "6.26.0+dfsg-3build6",
"binary_name": "node-babel-types"
}
]
}
Ubuntu:20.04:LTS / node-babel
Package
- Name
- node-babel
- Purl
- pkg:deb/ubuntu/node-babel@6.26.0+repack-3?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-cli"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-code-frame"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-core"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-generator"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-bindify-decorators"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-builder-binary-assignment-operator-visitor"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-builder-react-jsx"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-call-delegate"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-define-map"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-explode-assignable-expression"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-explode-class"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-function-name"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-get-function-arity"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-hoist-variables"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-optimise-call-expression"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-regex"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-remap-async-to-generator"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helper-replace-supers"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-helpers"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-messages"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-external-helpers"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-async-functions"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-async-generators"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-class-constructor-call"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-class-properties"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-decorators"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-do-expressions"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-dynamic-import"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-exponentiation-operator"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-export-extensions"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-flow"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-function-bind"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-jsx"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-object-rest-spread"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-syntax-trailing-function-commas"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-async-generator-functions"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-async-to-generator"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-class-constructor-call"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-class-properties"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-decorators"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-do-expressions"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-es3-member-expression-literals"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-es3-property-literals"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-exponentiation-operator"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-export-extensions"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-flow-strip-types"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-function-bind"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-jscript"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-object-rest-spread"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-proto-to-assign"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-react-display-name"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-react-jsx"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-react-jsx-self"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-react-jsx-source"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-regenerator"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-runtime"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-plugin-transform-strict-mode"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-polyfill"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-es2015"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-es2016"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-es2017"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-flow"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-latest"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-react"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-stage-0"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-stage-1"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-stage-2"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-preset-stage-3"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-register"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-runtime"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-template"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-traverse"
},
{
"binary_version": "6.26.0+repack-3",
"binary_name": "node-babel-types"
}
]
}
Ubuntu:22.04:LTS / node-babel7
Package
- Name
- node-babel7
- Purl
- pkg:deb/ubuntu/node-babel7@7.12.12+~cs150.141.84-8?arch=source&distro=jammy
Ubuntu:24.04:LTS / node-babel7
Package
- Name
- node-babel7
- Purl
- pkg:deb/ubuntu/node-babel7@7.20.15+ds1+~cs214.269.168-6build1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.20.15+ds1+~cs214.269.168-4
7.20.15+ds1+~cs214.269.168-5
7.20.15+ds1+~cs214.269.168-6
7.20.15+ds1+~cs214.269.168-6build1
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1",
"binary_name": "node-babel7"
},
{
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1",
"binary_name": "node-babel7-debug"
},
{
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1",
"binary_name": "node-babel7-runtime"
},
{
"binary_version": "7.20.15+ds1+~cs214.269.168-6build1",
"binary_name": "node-babel7-standalone"
}
]
}