Fedora Account System
Red Hat Associate
Red Hat Customer
It was possible to bypass Permissions and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2172149] Affects: fedora-all [bug 2172148] Created nodejs:13/nodejs tracking bugs for this issue: Affects: epel-all [bug 2172151] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172152] Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2172150] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172153] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172154]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1582 https://access.redhat.com/errata/RHSA-2023:1582
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1583 https://access.redhat.com/errata/RHSA-2023:1583
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1743 https://access.redhat.com/errata/RHSA-2023:1743
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:1744 https://access.redhat.com/errata/RHSA-2023:1744
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2654 https://access.redhat.com/errata/RHSA-2023:2654
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2655 https://access.redhat.com/errata/RHSA-2023:2655
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-23918