CVE-2023-45133

{"id": "CVE-2023-45133", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}]}, "published": "2023-10-12T17:15:09.797", "references": [{"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/babel/babel/pull/16033", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/babel/babel/releases/tag/v7.23.2", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.debian.org/security/2023/dsa-5528", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-184"}]}], "descriptions": [{"lang": "en", "value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."}, {"lang": "es", "value": "Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\u00f3digo manipulado espec\u00edficamente por un atacante puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario durante compilaci\u00f3n, cuando se utilizan complementos que se basan en los m\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\u00f3n `useBuiltIns`; y cualquier complemento de \"proveedor de polyfill\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\u00edan verse afectados. Los usuarios que solo compilan c\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/traverse@7.23.2` y `@babel/traverse@8.0.0-alpha.4`. Aquellos que no puedan actualizar `@babel/traverse` y est\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \u00faltima versi\u00f3n para evitar activar la ruta de c\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."}], "lastModified": "2023-10-24T16:52:20.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "C20217DD-2967-42B5-A20D-3B7978DEC2D3", "versionEndExcluding": "7.23.2"}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "3359A5D4-32F2-4128-8E6D-58C556FE5D4E"}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2"}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "0214C42F-5EB9-410E-AB7E-206A5243FEB9"}, {"criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "9E8907AD-4095-4579-BF92-AED3416ADA1E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "EA4E050F-1B8B-44F6-AA89-6457C7CC074F", "versionEndExcluding": "0.4.3"}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "AE6CEB01-B369-401F-9103-4BBB2FDA267A", "versionEndExcluding": "0.4.6"}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "3E9E5F4A-2CF4-483A-81F9-055E06913969", "versionEndExcluding": "0.8.5"}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "B9101BDF-A1D8-4CE4-94F3-B7D986548C7E", "versionEndExcluding": "0.10.0"}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "9350BCA6-00A4-4581-BC2B-A5077923E354", "versionEndExcluding": "0.5.3"}, {"criteria": "cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "F42788D8-5501-4FC1-828E-D487A4895986", "versionEndExcluding": "7.23.2"}, {"criteria": "cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*", "vulnerable": true, "matchCriteriaId": "90EF976D-050D-4478-9A6E-D694E7451BAA", "versionEndExcluding": "7.23.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}