CVE-2023-45133 (GCVE-0-2023-45133)
Vulnerability from cvelistv5
Published
2023-10-12 16:17
Modified
2025-02-13 17:13
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-184 - Incomplete List of Disallowed Inputs
Summary
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
References
security-advisories@github.com https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82 Patch
security-advisories@github.com https://github.com/babel/babel/pull/16033 Issue Tracking
security-advisories@github.com https://github.com/babel/babel/releases/tag/v7.23.2 Patch
security-advisories@github.com https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4 Patch
security-advisories@github.com https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92 Third Party Advisory
security-advisories@github.com https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html Mailing List, Third Party Advisory
security-advisories@github.com https://www.debian.org/security/2023/dsa-5528 Issue Tracking
af854a3a-2127-422b-91ae-364da2661108 https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82 Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/babel/babel/pull/16033 Issue Tracking
af854a3a-2127-422b-91ae-364da2661108 https://github.com/babel/babel/releases/tag/v7.23.2 Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4 Patch
af854a3a-2127-422b-91ae-364da2661108 https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2023/dsa-5528 Issue Tracking
Impacted products
Vendor Product Version
babel babel Version: < 7.23.2
Version: >= 8.0.0-alpha.0, < 8.0.0-alpha.4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:19.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
          },
          {
            "name": "https://github.com/babel/babel/pull/16033",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/babel/babel/pull/16033"
          },
          {
            "name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
          },
          {
            "name": "https://github.com/babel/babel/releases/tag/v7.23.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/babel/babel/releases/tag/v7.23.2"
          },
          {
            "name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5528"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T15:45:41.131211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T15:46:03.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "babel",
          "vendor": "babel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.23.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184: Incomplete List of Disallowed Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-19T08:06:11.273Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92"
        },
        {
          "name": "https://github.com/babel/babel/pull/16033",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/babel/babel/pull/16033"
        },
        {
          "name": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82"
        },
        {
          "name": "https://github.com/babel/babel/releases/tag/v7.23.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/babel/babel/releases/tag/v7.23.2"
        },
        {
          "name": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5528"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html"
        }
      ],
      "source": {
        "advisory": "GHSA-67hx-6x53-jw92",
        "discovery": "UNKNOWN"
      },
      "title": "Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-45133",
    "datePublished": "2023-10-12T16:17:08.624Z",
    "dateReserved": "2023-10-04T16:02:46.328Z",
    "dateUpdated": "2025-02-13T17:13:48.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-45133\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-12T17:15:09.797\",\"lastModified\":\"2024-11-21T08:26:24.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \\\"polyfill provider\\\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"},{\"lang\":\"es\",\"value\":\"Babel es un compilador para escribir JavaScript. En `@babel/traverse` anterior a las versiones 7.23.2 y 8.0.0-alpha.4 y en todas las versiones de `babel-traverse`, el uso de Babel para compilar c\u00f3digo manipulado espec\u00edficamente por un atacante puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario durante compilaci\u00f3n, cuando se utilizan complementos que se basan en los m\u00e9todos internos de Babel `path.evaluate()`o `path.evaluateTruthy()`. Los complementos afectados conocidos son `@babel/plugin-transform-runtime`; `@babel/preset-env` cuando se usa su opci\u00f3n `useBuiltIns`; y cualquier complemento de \\\"proveedor de polyfill\\\" que dependa de `@babel/helper-define-polyfill-provider`, como `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin- polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. Ning\u00fan otro complemento bajo el espacio de nombres `@babel/` se ve afectado, pero los complementos de terceros podr\u00edan verse afectados. Los usuarios que solo compilan c\u00f3digo confiable no se ven afectados. La vulnerabilidad se ha solucionado en `@babel/traverse@7.23.2` y `@babel/traverse@8.0.0-alpha.4`. Aquellos que no puedan actualizar `@babel/traverse` y est\u00e9n usando uno de los paquetes afectados mencionados anteriormente deben actualizarlos a su \u00faltima versi\u00f3n para evitar activar la ruta de c\u00f3digo vulnerable en las versiones afectadas `@babel/traverse`: `@babel/plugin- transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, ` babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-184\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-697\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"C20217DD-2967-42B5-A20D-3B7978DEC2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"3359A5D4-32F2-4128-8E6D-58C556FE5D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"0214C42F-5EB9-410E-AB7E-206A5243FEB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*\",\"matchCriteriaId\":\"9E8907AD-4095-4579-BF92-AED3416ADA1E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.4.3\",\"matchCriteriaId\":\"EA4E050F-1B8B-44F6-AA89-6457C7CC074F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.4.6\",\"matchCriteriaId\":\"AE6CEB01-B369-401F-9103-4BBB2FDA267A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.8.5\",\"matchCriteriaId\":\"3E9E5F4A-2CF4-483A-81F9-055E06913969\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.10.0\",\"matchCriteriaId\":\"B9101BDF-A1D8-4CE4-94F3-B7D986548C7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"0.5.3\",\"matchCriteriaId\":\"9350BCA6-00A4-4581-BC2B-A5077923E354\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"F42788D8-5501-4FC1-828E-D487A4895986\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*\",\"versionEndExcluding\":\"7.23.2\",\"matchCriteriaId\":\"90EF976D-050D-4478-9A6E-D694E7451BAA\"}]}]}],\"references\":[{\"url\":\"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/pull/16033\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v7.23.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5528\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/pull/16033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v7.23.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"name\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"name\": \"https://github.com/babel/babel/pull/16033\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"name\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"name\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"name\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:14:19.735Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45133\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-18T15:45:41.131211Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-18T15:45:59.409Z\"}}], \"cna\": {\"title\": \"Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code\", \"source\": {\"advisory\": \"GHSA-67hx-6x53-jw92\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"babel\", \"product\": \"babel\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.23.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 8.0.0-alpha.0, \u003c 8.0.0-alpha.4\"}]}], \"references\": [{\"url\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"name\": \"https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/babel/babel/pull/16033\", \"name\": \"https://github.com/babel/babel/pull/16033\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"name\": \"https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"name\": \"https://github.com/babel/babel/releases/tag/v7.23.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"name\": \"https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5528\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \\\"polyfill provider\\\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-184\", \"description\": \"CWE-184: Incomplete List of Disallowed Inputs\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-19T08:06:11.273Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-45133\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:13:48.413Z\", \"dateReserved\": \"2023-10-04T16:02:46.328Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-12T16:17:08.624Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.