Permissions policies can be bypassed via Module._load and require.extensions (High) (CVE-2023-30587)