CVE-2023-32002: HackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability

Overview

Severity

N/A

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2025-Feb

Released

2025-02-11

EPSS Score

0.04% (percentile: 12.2%)

FAQ

Why is this HackerOne CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Node.js software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

Affected Products (3)

Developer Tools

• Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)

Mariner

• CBL Mariner 2.0 x64
• CBL Mariner 2.0 ARM

Security Updates (1)

• Release Notes

Acknowledgments

Anonymous

Revision History

• 2025-02-11: Information published.