CVE-2023-45133
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-45133
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45133.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-45133
- Aliases
- Related
- Published
- 2023-10-12T17:15:09Z
- Modified
- 2024-09-18T03:25:50.145568Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Babel is a compiler for writingJavaScript. In
@babel/traverseprior to versions 7.23.2 and 8.0.0-alpha.4 and all versions ofbabel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on thepath.evaluate()orpath.evaluateTruthy()internal Babel methods. Known affected plugins are@babel/plugin-transform-runtime;@babel/preset-envwhen using itsuseBuiltInsoption; and any "polyfill provider" plugin that depends on@babel/helper-define-polyfill-provider, such asbabel-plugin-polyfill-corejs3,babel-plugin-polyfill-corejs2,babel-plugin-polyfill-es-shims,babel-plugin-polyfill-regenerator. No other plugins under the@babel/namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in@babel/traverse@7.23.2and@babel/traverse@8.0.0-alpha.4. Those who cannot upgrade@babel/traverseand are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected@babel/traverseversions:@babel/plugin-transform-runtimev7.23.2,@babel/preset-envv7.23.2,@babel/helper-define-polyfill-providerv0.4.3,babel-plugin-polyfill-corejs2v0.4.6,babel-plugin-polyfill-corejs3v0.8.5,babel-plugin-polyfill-es-shimsv0.10.0,babel-plugin-polyfill-regeneratorv0.5.3. - References
-
- https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
- https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html
- https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
- https://github.com/babel/babel/releases/tag/v7.23.2
- https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4
- https://github.com/babel/babel/pull/16033
- https://www.debian.org/security/2023/dsa-5528
- https://security-tracker.debian.org/tracker/CVE-2023-45133
Affected packages
Debian:11 / node-babel7
Package
- Name
- node-babel7
- Purl
- pkg:deb/debian/node-babel7?arch=source
Debian:12 / node-babel7
Package
- Name
- node-babel7
- Purl
- pkg:deb/debian/node-babel7?arch=source
Debian:13 / node-babel7
Package
- Name
- node-babel7
- Purl
- pkg:deb/debian/node-babel7?arch=source
Git / github.com/babel/babel
Affected ranges
- Type
- GIT
- Repo
- https://github.com/babel/babel
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
babel-eslint-v11.*
babel-eslint-v11.0.0-beta.1
v1.*
v1.10.1
v1.10.10
v1.10.11
v1.10.12
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.10.8
v1.10.9
v1.11.0
v1.11.1
v1.11.10
v1.11.11
v1.11.12
v1.11.13
v1.11.14
v1.11.15
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.9
v1.12.0
v1.12.1
v1.12.10
v1.12.11
v1.12.12
v1.12.13
v1.12.14
v1.12.15
v1.12.16
v1.12.17
v1.12.18
v1.12.19
v1.12.2
v1.12.20
v1.12.21
v1.12.22
v1.12.23
v1.12.24
v1.12.25
v1.12.26
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.12.8
v1.12.9
v1.13.0
v1.13.1
v1.13.10
v1.13.11
v1.13.12
v1.13.13
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.13.8
v1.13.9
v1.14.0
v1.14.1
v1.14.10
v1.14.11
v1.14.12
v1.14.13
v1.14.14
v1.14.15
v1.14.16
v1.14.17
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.15
v1.7.16
v1.7.17
v1.7.7
v1.7.9
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.1.0
v2.10.0
v2.10.1
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.11.4
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.5
v2.12.6
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.13.6
v2.13.7
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.4.10
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.8.0
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v3.*
v3.0.0
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.3.0
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v4.*
v4.0.1
v4.0.2
v4.1.1
v4.2.0
v4.2.1
v4.3.0
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.7.0
v4.7.1
v4.7.10
v4.7.11
v4.7.12
v4.7.13
v4.7.14
v4.7.15
v4.7.16
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.6
v4.7.7
v4.7.8
v4.7.9
v5.*
v5.0.0
v5.0.0-beta1
v5.0.0-beta2
v5.0.0-beta3
v5.0.0-beta4
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.13
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.10
v5.1.11
v5.1.12
v5.1.13
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.2.0
v5.2.1
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.2.15
v5.2.16
v5.2.17
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.5.5
v5.5.6
v5.5.7
v5.5.8
v5.6.0
v5.6.1
v5.6.10
v5.6.11
v5.6.12
v5.6.13
v5.6.14
v5.6.15
v5.6.16
v5.6.17
v5.6.18
v5.6.19
v5.6.2
v5.6.20
v5.6.21
v5.6.23
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.6.7
v5.6.8
v5.6.9
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.7.4
v5.7.5
v5.7.6
v5.8.0
v5.8.1
v5.8.10
v5.8.11
v5.8.12
v5.8.13
v5.8.14
v5.8.15
v5.8.16
v5.8.17
v5.8.18
v5.8.19
v5.8.2
v5.8.20
v5.8.21
v5.8.22
v5.8.23
v5.8.24
v5.8.25
v5.8.26
v5.8.27
v5.8.28
v5.8.29
v5.8.3
v5.8.30
v5.8.31
v5.8.32
v5.8.33
v5.8.4
v5.8.5
v5.8.6
v5.8.7
v5.8.8
v5.8.9
v6.*
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.18
v6.0.19
v6.0.2
v6.0.20
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1.0
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.10.0
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.11.0
v6.11.1
v6.11.2
v6.11.3
v6.11.4
v6.11.5
v6.11.6
v6.12.0
v6.13.0
v6.13.1
v6.13.2
v6.14.0
v6.15.0
v6.16.0
v6.16.1
v6.16.2
v6.16.3
v6.17.0
v6.18.0
v6.18.1
v6.18.2
v6.19.0
v6.2.0
v6.2.1
v6.2.2
v6.20.0
v6.20.1
v6.20.2
v6.20.3
v6.21.0
v6.21.1
v6.22.0
v6.22.1
v6.22.2
v6.23.0
v6.23.1
v6.24.0
v6.24.1
v6.25.0
v6.26.0
v6.3.0
v6.3.1
v6.3.10
v6.3.13
v6.3.14
v6.3.15
v6.3.16
v6.3.17
v6.3.18
v6.3.19
v6.3.2
v6.3.20
v6.3.21
v6.3.23
v6.3.24
v6.3.25
v6.3.26
v6.3.8
v6.4.0
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.5.0
v6.5.1
v6.5.2
v6.6.0
v6.6.1
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.7.0
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v7.*
v7.0.0
v7.0.0-alpha.1
v7.0.0-alpha.10
v7.0.0-alpha.11
v7.0.0-alpha.12
v7.0.0-alpha.15
v7.0.0-alpha.16
v7.0.0-alpha.17
v7.0.0-alpha.18
v7.0.0-alpha.19
v7.0.0-alpha.20
v7.0.0-alpha.3
v7.0.0-alpha.4
v7.0.0-alpha.5
v7.0.0-alpha.6
v7.0.0-alpha.7
v7.0.0-alpha.8
v7.0.0-alpha.9
v7.0.0-beta.0
v7.0.0-beta.1
v7.0.0-beta.2
v7.0.0-beta.3
v7.0.0-beta.31
v7.0.0-beta.32
v7.0.0-beta.33
v7.0.0-beta.34
v7.0.0-beta.35
v7.0.0-beta.36
v7.0.0-beta.37
v7.0.0-beta.38
v7.0.0-beta.39
v7.0.0-beta.4
v7.0.0-beta.40
v7.0.0-beta.41
v7.0.0-beta.42
v7.0.0-beta.43
v7.0.0-beta.44
v7.0.0-beta.45
v7.0.0-beta.46
v7.0.0-beta.47
v7.0.0-beta.48
v7.0.0-beta.49
v7.0.0-beta.5
v7.0.0-beta.50
v7.0.0-beta.51
v7.0.0-beta.52
v7.0.0-beta.53
v7.0.0-beta.54
v7.0.0-beta.55
v7.0.0-beta.56
v7.0.0-rc.0
v7.0.0-rc.1
v7.0.0-rc.2
v7.0.0-rc.3
v7.0.0-rc.4
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.10.0
v7.10.1
v7.10.2
v7.10.3
v7.10.4
v7.10.5
v7.11.0
v7.11.1
v7.11.2
v7.11.3
v7.11.4
v7.11.5
v7.11.6
v7.12.0
v7.12.1
v7.12.10
v7.12.11
v7.12.12
v7.12.13
v7.12.14
v7.12.15
v7.12.16
v7.12.17
v7.12.18
v7.12.2
v7.12.3
v7.12.4
v7.12.5
v7.12.6
v7.12.7
v7.12.8
v7.12.9
v7.13.0
v7.13.1
v7.13.10
v7.13.11
v7.13.12
v7.13.13
v7.13.14
v7.13.15
v7.13.16
v7.13.17
v7.13.2
v7.13.3
v7.13.4
v7.13.5
v7.13.6
v7.13.7
v7.13.8
v7.13.9
v7.14.0
v7.14.1
v7.14.2
v7.14.3
v7.14.4
v7.14.5
v7.14.6
v7.14.7
v7.14.8
v7.14.9
v7.15.0
v7.15.1
v7.15.2
v7.15.3
v7.15.4
v7.15.5
v7.15.6
v7.15.7
v7.15.8
v7.16.0
v7.16.1
v7.16.10
v7.16.11
v7.16.12
v7.16.2
v7.16.3
v7.16.4
v7.16.5
v7.16.6
v7.16.7
v7.16.8
v7.16.9
v7.17.0
v7.17.1
v7.17.10
v7.17.11
v7.17.12
v7.17.2
v7.17.3
v7.17.4
v7.17.5
v7.17.6
v7.17.7
v7.17.8
v7.17.9
v7.18.0
v7.18.1
v7.18.10
v7.18.11
v7.18.12
v7.18.13
v7.18.2
v7.18.3
v7.18.4
v7.18.5
v7.18.6
v7.18.7
v7.18.8
v7.18.9
v7.19.0
v7.19.1
v7.19.2
v7.19.3
v7.19.4
v7.19.5
v7.19.6
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.20.0
v7.20.1
v7.20.10
v7.20.11
v7.20.12
v7.20.13
v7.20.14
v7.20.15
v7.20.2
v7.20.3
v7.20.4
v7.20.5
v7.20.6
v7.20.7
v7.20.8
v7.20.9
v7.21.0
v7.21.1
v7.21.2
v7.21.3
v7.21.4
v7.21.5
v7.21.6
v7.21.7
v7.21.8
v7.21.9
v7.22.0
v7.22.1
v7.22.10
v7.22.11
v7.22.12
v7.22.13
v7.22.14
v7.22.15
v7.22.16
v7.22.17
v7.22.18
v7.22.19
v7.22.2
v7.22.20
v7.22.3
v7.22.4
v7.22.5
v7.22.6
v7.22.7
v7.22.8
v7.22.9
v7.23.0
v7.23.1
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v7.3.4
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.4
v7.4.5
v7.5.0
v7.5.1
v7.5.2
v7.5.3
v7.5.4
v7.5.5
v7.6.0
v7.6.1
v7.6.2
v7.6.3
v7.6.4
v7.7.0
v7.7.1
v7.7.2
v7.7.3
v7.7.4
v7.7.5
v7.7.6
v7.7.7
v7.8.0
v7.8.1
v7.8.2
v7.8.3
v7.8.4
v7.8.5
v7.8.6
v7.8.7
v7.8.8
v7.9.0
v7.9.1
v7.9.2
v7.9.3
v7.9.4
v7.9.5
v7.9.6
v8.*
v8.0.0-alpha.1
v8.0.0-alpha.2
v8.0.0-alpha.3