Количество 10
Количество 10
BDU:2024-04314
Уязвимость программной платформы Node.js, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить атаки с обходом пути
CVE-2024-21891
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2024-21891
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2024-21891
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2024-21891
CVE-2024-21891
Node.js depends on multiple built-in utility functions to normalize pa ...
GHSA-4rwx-mrf5-wx33
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
ELSA-2024-1688
ELSA-2024-1688: nodejs:20 security update (IMPORTANT)
ELSA-2024-1687
ELSA-2024-1687: nodejs:20 security update (IMPORTANT)
SUSE-SU-2024:0643-1
Security update for nodejs20
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2024-04314 Уязвимость программной платформы Node.js, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю выполнить атаки с обходом пути | CVSS3: 7.9 | 0% Низкий | больше 1 года назад |
 | CVE-2024-21891 Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
 | CVE-2024-21891 Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | CVSS3: 6.6 | 0% Низкий | больше 1 года назад |
 | CVE-2024-21891 Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
 | CVSS3: 8.8 | 0% Низкий | 12 месяцев назад | |
| CVE-2024-21891 Node.js depends on multiple built-in utility functions to normalize pa ... | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
| GHSA-4rwx-mrf5-wx33 Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | CVSS3: 7.9 | 0% Низкий | больше 1 года назад |
| ELSA-2024-1688 ELSA-2024-1688: nodejs:20 security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-1687 ELSA-2024-1687: nodejs:20 security update (IMPORTANT) | около 1 года назад | ||
 | SUSE-SU-2024:0643-1 Security update for nodejs20 | больше 1 года назад |
Уязвимостей на страницу