nvd-json-data-feeds/CVE-2023/CVE-2023-320xx/CVE-2023-32006.json

{
  "id": "CVE-2023-32006",
  "sourceIdentifier": "support@hackerone.com",
  "published": "2023-08-15T16:15:11.460",
  "lastModified": "2023-08-19T03:15:25.100",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://hackerone.com/reports/2043807",
      "source": "support@hackerone.com"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/",
      "source": "support@hackerone.com"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/",
      "source": "support@hackerone.com"
    }
  ]
}
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`{`
			`"id": "CVE-2023-32006",`
			`"sourceIdentifier": "support@hackerone.com",`
			`"published": "2023-08-15T16:15:11.460",`
Auto-Update: 2023-08-19T04:00:28.392937+00:00 2023-08-19 04:00:31 +00:00			`"lastModified": "2023-08-19T03:15:25.100",`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`"vulnStatus": "Awaiting Analysis",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js."
			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://hackerone.com/reports/2043807",`
			`"source": "support@hackerone.com"`
Auto-Update: 2023-08-16T04:00:30.518548+00:00 2023-08-16 04:00:34 +00:00			`},`
Auto-Update: 2023-08-19T04:00:28.392937+00:00 2023-08-19 04:00:31 +00:00			`{`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/",`
			`"source": "support@hackerone.com"`
			`},`
Auto-Update: 2023-08-16T04:00:30.518548+00:00 2023-08-16 04:00:34 +00:00			`{`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/",`
			`"source": "support@hackerone.com"`
Auto-Update: 2023-08-15T18:00:33.830284+00:00 2023-08-15 18:00:37 +00:00			`}`
			`]`
			`}`