MGASA-2023-0264

Advisory lineage Upstream: 3 Downstream: 0

Upstream

CVE-2023-32002 CVE-2023-32006 CVE-2023-32559

Published: 24 Sept 2023, 22:16

Last modified:16 Apr 2026, 04:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 Sept 2023, 22:16

Published

Vulnerability first disclosed

16 Apr 2026, 04:22

Last Modified

Vulnerability information updated

Description

Updated nodejs packages fix security vulnerability This is a security release. As well, it fixes v8 headers detection (mga#28809) The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module._load (High) CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium) CVE-2023-32559: Policies can be bypassed via process.binding (Medium) OpenSSL Security Releases OpenSSL security advisory 14th July. OpenSSL security advisory 19th July. OpenSSL security advisory 31st July More detailed information on each of the vulnerabilities can be found in August 2023 Security Releases blog post.

Affected Systems

mageia•nodejs
< 18.17.1-1.mga8
mageia•nodejs
< 18.17.1-1.mga9
mageia•yarnpkg
< 1.22.19-13.mga9

MGASA-2023-0264

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)