Количество 27
Количество 27
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.
CVE-2025-55130
A flaw in Node.js\u2019s Permissions model allows attackers to bypass ...
GHSA-62wc-jj78-f4f6
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.
BDU:2026-00545
Уязвимость программной платформы Node.js, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю скомпрометировать систему
RLSA-2026:2783
Important: nodejs:20 security update
RLSA-2026:2782
Important: nodejs:22 security update
RLSA-2026:2781
Important: nodejs:24 security update
RLSA-2026:2422
Important: nodejs:20 security update
RLSA-2026:2421
Important: nodejs:22 security update
RLSA-2026:2420
Important: nodejs:24 security update
RLSA-2026:1843
Important: nodejs22 security update
RLSA-2026:1842
Important: nodejs24 security update
ELSA-2026-2783
ELSA-2026-2783: nodejs:20 security update (IMPORTANT)
ELSA-2026-2782
ELSA-2026-2782: nodejs:22 security update (IMPORTANT)
ELSA-2026-2781
ELSA-2026-2781: nodejs:24 security update (IMPORTANT)
ELSA-2026-2422
ELSA-2026-2422: nodejs:20 security update (IMPORTANT)
ELSA-2026-2421
ELSA-2026-2421: nodejs:22 security update (IMPORTANT)
ELSA-2026-2420
ELSA-2026-2420: nodejs:24 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-55130 A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. | CVSS3: 9.1 | 0% Низкий | 2 месяца назад |
 | CVE-2025-55130 A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. | CVSS3: 7.1 | 0% Низкий | 2 месяца назад |
 | CVE-2025-55130 A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. | CVSS3: 9.1 | 0% Низкий | 2 месяца назад |
| CVE-2025-55130 A flaw in Node.js\u2019s Permissions model allows attackers to bypass ... | CVSS3: 9.1 | 0% Низкий | 2 месяца назад |
| GHSA-62wc-jj78-f4f6 A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. | CVSS3: 7.1 | 0% Низкий | 2 месяца назад |
 | BDU:2026-00545 Уязвимость программной платформы Node.js, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю скомпрометировать систему | CVSS3: 7.7 | 0% Низкий | 2 месяца назад |
 | RLSA-2026:2783 Important: nodejs:20 security update | около 1 месяца назад | ||
| RLSA-2026:2782 Important: nodejs:22 security update | около 1 месяца назад | ||
| RLSA-2026:2781 Important: nodejs:24 security update | около 1 месяца назад | ||
| RLSA-2026:2422 Important: nodejs:20 security update | около 1 месяца назад | ||
| RLSA-2026:2421 Important: nodejs:22 security update | около 1 месяца назад | ||
| RLSA-2026:2420 Important: nodejs:24 security update | около 1 месяца назад | ||
| RLSA-2026:1843 Important: nodejs22 security update | около 2 месяцев назад | ||
| RLSA-2026:1842 Important: nodejs24 security update | около 2 месяцев назад | ||
| ELSA-2026-2783 ELSA-2026-2783: nodejs:20 security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2026-2782 ELSA-2026-2782: nodejs:22 security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2026-2781 ELSA-2026-2781: nodejs:24 security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2026-2422 ELSA-2026-2422: nodejs:20 security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2026-2421 ELSA-2026-2421: nodejs:22 security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2026-2420 ELSA-2026-2420: nodejs:24 security update (IMPORTANT) | около 1 месяца назад |
Уязвимостей на страницу