[Git][security-tracker-team/security-tracker][master] new nodejs issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Aug 10 08:39:36 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a7005ff by Moritz Muehlenhoff at 2023-08-10T09:39:09+02:00
new nodejs issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,30 @@
+CVE-2023-32559
+ - nodejs <unfixed>
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559
+ NOTE: https://github.com/nodejs/node/commit/d4570fae358693b8f7fec05294b9bb92a966226d (v18.x)
+ NOTE: https://github.com/nodejs/node/commit/4aa0eff787c14f14a239cf2f44bf751a0151e3eb (main)
+CVE-2023-32558
+ - nodejs <not-affected> (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
+CVE-2023-32006
+ - nodejs <unfixed>
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006
+ NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
+ NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
+CVE-2023-32005
+ - nodejs <not-affected> (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsstatfs-can-retrive-stats-from-files-restricted-by-the-permission-model-lowcve-2023-32005
+CVE-2023-32004
+ - nodejs <not-affected> (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permission-model-bypass-by-specifying-a-path-traversal-sequence-in-a-buffer-highcve-2023-32004
+CVE-2023-32003
+ - nodejs <not-affected> (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsmkdtemp-and-fsmkdtempsync-are-missing-getvalidatedpath-checks-lowcve-2023-32003
+CVE-2023-32002
+ - nodejs <unfixed>
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002
+ NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
+ NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
CVE-2023-38712 [nvalid IKEv1 repeat IKE SA delete causes crash and restart]
- libreswan <unfixed>
NOTE: https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.txt
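Review bot: The CVE-2023-32006 and CVE-2023-32002 entries carry the same two commit NOTE lines (15bced0bde93f24115b779a309d517845c87e17a for v18.x and b68e5e798138be0041ba9ace72d8d45e63c068a1 for main), which reads like a copy-paste slip unless one upstream commit really covers both issues. If it does, a short extra NOTE on one of the two entries saying the fix is shared would make that explicit for whoever later marks these as fixed. If it does not, the commit references on one of them need correcting. The four `<not-affected>` entries are consistent with each other in giving "Only affects 20.x and later" as the reason, so nothing to change there.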
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a7005ffa214f499b29cbc9945165cf926b20497