CVE-2023-23919: Node.js OpenSSL Error Stack Not Cleared, Leading To False Positive Errors and Potential Denial Of Service
A newly discovered cryptographic vulnerability, identified as CVE-2023-23919, affects certain Node.js versions. Specifically, it impacts Node.js versions <19.2., <18.14.1, <16.19.1, and <14.21.3. The issue arises because Node.js fails to clear the OpenSSL error stack after several operations, which can lead to false positive errors and potentially to a Denial of Service (DoS).
The Problem
The issue stems from the fact that in some cases, Node.js does not adequat
CVE-2023-23918: Node.js Privilege Escalation Vulnerability via process.mainModule.require()
A recent vulnerability, CVE-2023-23918, was discovered affecting Node.js versions prior to 19.6.1, 18.14.1, 16.19.1, and 14.21.3.