{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45133", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-04T16:02:46.328Z", "datePublished": "2023-10-12T16:17:08.624Z", "dateUpdated": "2024-09-18T15:46:03.118Z"}, "containers": {"cna": {"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "problemTypes": [{"descriptions": [{"cweId": "CWE-184", "lang": "en", "description": "CWE-184: Incomplete List of Disallowed Inputs", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"}, {"name": "https://github.com/babel/babel/pull/16033", "tags": ["x_refsource_MISC"], "url": "https://github.com/babel/babel/pull/16033"}, {"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82", "tags": ["x_refsource_MISC"], "url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"}, {"name": "https://github.com/babel/babel/releases/tag/v7.23.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/babel/babel/releases/tag/v7.23.2"}, {"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"}, {"url": "https://www.debian.org/security/2023/dsa-5528"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"}], "affected": [{"vendor": "babel", "product": "babel", "versions": [{"version": "< 7.23.2", "status": "affected"}, {"version": ">= 8.0.0-alpha.0, < 8.0.0-alpha.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-12T16:17:08.624Z"}, "descriptions": [{"lang": "en", "value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/[email protected]` and `@babel/[email protected]`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."}], "source": {"advisory": "GHSA-67hx-6x53-jw92", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.735Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"}, {"name": "https://github.com/babel/babel/pull/16033", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/babel/babel/pull/16033"}, {"name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"}, {"name": "https://github.com/babel/babel/releases/tag/v7.23.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/babel/babel/releases/tag/v7.23.2"}, {"name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"}, {"url": "https://www.debian.org/security/2023/dsa-5528", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T15:45:41.131211Z", "id": "CVE-2023-45133", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:46:03.118Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92", "name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/babel/babel/pull/16033", "name": "https://github.com/babel/babel/pull/16033", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82", "name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/babel/babel/releases/tag/v7.23.2", "name": "https://github.com/babel/babel/releases/tag/v7.23.2", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4", "name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5528", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:14:19.735Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45133", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-18T15:45:41.131211Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:45:59.409Z"}}], "cna": {"title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code", "source": {"advisory": "GHSA-67hx-6x53-jw92", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "babel", "product": "babel", "versions": [{"status": "affected", "version": "< 7.23.2"}, {"status": "affected", "version": ">= 8.0.0-alpha.0, < 8.0.0-alpha.4"}]}], "references": [{"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92", "name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/babel/babel/pull/16033", "name": "https://github.com/babel/babel/pull/16033", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82", "name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/babel/babel/releases/tag/v7.23.2", "name": "https://github.com/babel/babel/releases/tag/v7.23.2", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4", "name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4", "tags": ["x_refsource_MISC"]}, {"url": "https://www.debian.org/security/2023/dsa-5528"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"}], "descriptions": [{"lang": "en", "value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/[email protected]` and `@babel/[email protected]`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-184", "description": "CWE-184: Incomplete List of Disallowed Inputs"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-12T16:17:08.624Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45133", "state": "PUBLISHED", "dateUpdated": "2024-09-18T15:46:03.118Z", "dateReserved": "2023-10-04T16:02:46.328Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-12T16:17:08.624Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "C20217DD-2967-42B5-A20D-3B7978DEC2D3", "versionEndExcluding": "7.23.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*", "matchCriteriaId": "3359A5D4-32F2-4128-8E6D-58C556FE5D4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*", "matchCriteriaId": "B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*", "matchCriteriaId": "0214C42F-5EB9-410E-AB7E-206A5243FEB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*", "matchCriteriaId": "9E8907AD-4095-4579-BF92-AED3416ADA1E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "EA4E050F-1B8B-44F6-AA89-6457C7CC074F", "versionEndExcluding": "0.4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "AE6CEB01-B369-401F-9103-4BBB2FDA267A", "versionEndExcluding": "0.4.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "3E9E5F4A-2CF4-483A-81F9-055E06913969", "versionEndExcluding": "0.8.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "B9101BDF-A1D8-4CE4-94F3-B7D986548C7E", "versionEndExcluding": "0.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "9350BCA6-00A4-4581-BC2B-A5077923E354", "versionEndExcluding": "0.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "F42788D8-5501-4FC1-828E-D487A4895986", "versionEndExcluding": "7.23.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*", "matchCriteriaId": "90EF976D-050D-4478-9A6E-D694E7451BAA", "versionEndExcluding": "7.23.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/[email protected]` and `@babel/[email protected]`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."}, {"lang": "es", "value": "Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\u00f3digo manipulado espec\u00edficamente por un atacante puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario durante compilaci\u00f3n, cuando se utilizan complementos que se basan en los m\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\u00f3n `useBuiltIns`; y cualquier complemento de \"proveedor de polyfill\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\u00edan verse afectados. Los usuarios que solo compilan c\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/[email protected]` y `@babel/[email protected]`. Aquellos que no puedan actualizar `@babel/traverse` y est\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \u00faltima versi\u00f3n para evitar activar la ruta de c\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."}], "id": "CVE-2023-45133", "lastModified": "2024-11-21T08:26:24.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-10-12T17:15:09.797", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"}, {"source": "[email protected]", "tags": ["Issue Tracking"], "url": "https://github.com/babel/babel/pull/16033"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/babel/babel/releases/tag/v7.23.2"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"}, {"source": "[email protected]", "tags": ["Issue Tracking"], "url": "https://www.debian.org/security/2023/dsa-5528"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/babel/babel/pull/16033"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/babel/babel/releases/tag/v7.23.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://www.debian.org/security/2023/dsa-5528"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-184"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-697"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "babel: arbitrary code execution", "id": "2245102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245102"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-184", "details": ["Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/[email protected]` and `@babel/[email protected]`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.", "A vulnerability was discovered in the babel package. Using certain plugins with Babel code could lead to arbitrary code execution. This issue could allow a remote attacker to craft code and then trick the user into compiling it."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-45133", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "babel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "babel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "babel", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "babel", "product_name": "Red Hat Storage 3"}], "public_date": "2023-10-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-45133\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45133\nhttps://github.com/babel/babel/releases/tag/v7.23.2\nhttps://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\nhttps://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"], "statement": "Red Hat Satellite does not directly use any affected components, but some of the packages it ships with contain them in the form of a dependency. However, the chances of exploitation are low because the build environment for Satellite is restricted, with limited opportunity for injecting untrusted code. Therefore, the impact is reduced to Moderate for Satellite.\nThe Babel project with this security vulnerability is some Javascript compiler but the babel component in Red Hat Enterprise Linux contains a collection of tools written in Python for internalization of Python applications and contains no JS/TS files. So RHEL is not affected by this vulnerability.", "threat_severity": "Important", "upstream_fix": "babel 8.0.0-alpha.4, babel 7.23.2"}