{
  "threat_severity" : "Important",
  "public_date" : "2023-10-11T00:00:00Z",
  "bugzilla" : {
    "description" : "babel: arbitrary code execution",
    "id" : "2245102",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2245102"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-184",
  "details" : [ "Babel is a compiler for writing JavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any \"polyfill provider\" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.", "A vulnerability was discovered in the babel package. Using certain plugins with Babel code could lead to arbitrary code execution. This issue could allow a remote attacker to craft code and then trick the user into compiling it." ],
  "statement" : "Red Hat Satellite does not directly use any affected components, but some of the packages it ships with contain them in the form of a dependency. However, the chances of exploitation are low because the build environment for Satellite is restricted, with limited opportunity for injecting untrusted code. Therefore, the impact is reduced to Moderate for Satellite.\nThe Babel project with this security vulnerability is a JavaScript compiler, but the babel component in Red Hat Enterprise Linux contains a collection of tools written in Python for internationalization of Python applications and contains no JS/TS files. So RHEL is not affected by this vulnerability.",
  "package_state" : [ {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/kibana6-rhel8",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "babel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "babel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "fix_state" : "Not affected",
    "package_name" : "babel",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Will not fix",
    "package_name" : "babel",
    "cpe" : "cpe:/a:redhat:storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-45133\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45133\nhttps://github.com/babel/babel/releases/tag/v7.23.2\nhttps://github.com/babel/babel/releases/tag/v8.0.0-alpha.4\nhttps://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92" ],
  "name" : "CVE-2023-45133",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}