[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2023-0078":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":18,"duplicates":19,"related":20,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":52,"epss":9,"epss_history":53,"metrics":54,"affected":55},"MGASA-2023-0078","Updated nodejs packages fix security vulnerability\n\nThe following CVEs are fixed in this release:\n\nCVE-2023-23918: Node.js Permissions policies can be bypassed via\nprocess.mainModule (High)\nCVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA\nenvironment variable (Low)\nMore detailed information on each of the vulnerabilities can be found in\nFebruary 2023 Security Releases blog post.\n\nThis security release includes OpenSSL security updates as outlined in the\nrecent OpenSSL security advisory.\n\nThis security release also includes an npm update for Node.js 14 to\naddress a number of CVEs which either do not affect Node.js or are low\nseverity in the context of Node.js. You can get more details for the\nindividual CVEs in nodejs-dependency-vuln-assessments.\n",null,[],[],[],[14,16],{"_key":15},"CVE-2023-23918",{"_key":17},"CVE-2023-23920",[],[],[21,22],{"_key":15},{"_key":17},"2023-03-01T21:14:31Z","2026-04-16T04:22:38.847587Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28,34,39,44,48],{"url":29,"sources":30,"tags":32},"https://advisories.mageia.org/MGASA-2023-0078.html",[31],"osv_mageia",[33],"Advisory",{"url":35,"sources":36,"tags":37},"https://bugs.mageia.org/show_bug.cgi?id=31559",[31],[38],"REPORT",{"url":40,"sources":41,"tags":42},"https://github.com/nodejs/node/releases/tag/v14.21.3",[31],[38,43],"WEB",{"url":45,"sources":46,"tags":47},"https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/",[31],[38,43],{"url":49,"sources":50,"tags":51},"https://www.openssl.org/news/secadv/20230207.txt",[31],[38,43],[],[],[],[56],{"ecosystem":57,"name":58,"vendor":59,"product":58,"cpe_part":9,"purl_type":60,"purl_namespace":59,"purl_name":58,"source":9,"versions":61},"Mageia","nodejs","mageia","rpm",[62],{"version":63,"is_range":64,"range_type":65,"version_start":9,"version_start_type":9,"version_end":66,"version_end_type":67,"fixed_in":9},"lt14_21_3_2_1_mga8",true,"ecosystem","14.21.3-2.1.mga8","excluding"]