Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-32004

Опубликовано: 15 авг. 2023
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.

This vulnerability affects all users using the experimental permission model in Node.js 20.

Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Версия от 20.0.0 (включая) до 20.5.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

EPSS

Процентиль: 31%
0.00115
Низкий

8.8 High

CVSS3

Дефекты

CWE-22
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2023-32004

CVSS3: 8.8
ubuntu
больше 2 лет назад

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

redhat логотип

CVE-2023-32004

CVSS3: 8.8
redhat
больше 2 лет назад

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

msrc логотип

CVE-2023-32004

msrc
больше 2 лет назад

A vulnerability has been discovered in Node.js version 20 specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js.

debian логотип

CVE-2023-32004

CVSS3: 8.8
debian
больше 2 лет назад

A vulnerability has been discovered in Node.js version 20, specificall ...

github логотип

GHSA-x3wm-m4vj-p6px

CVSS3: 8.8
github
больше 2 лет назад

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

EPSS

Процентиль: 31%
0.00115
Низкий

8.8 High

CVSS3

Дефекты

CWE-22
CWE-22