CVE-2023-32004

CVSS v3.1 8.8 (High)
EPSS 0.15% (52nd)
Affected Products 2
Advisories 3

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. The flaw relates to improper handling of Buffers in file system APIs, which allows a path traversal to bypass the check performed when verifying file permissions.

This vulnerability affects all users using the experimental permission model in Node.js 20.

Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Weaknesses
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE Status
PUBLISHED
CNA
HackerOne
Published Date
2023-08-15 16:15:11
Updated Date
2023-09-15 14:15:10

Affected Products

Configuration #1

  Product: Nodejs Node.js (from version 20.0.0 up to and including 20.5.0)
  CPE23:   cpe:2.3:a:nodejs:node.js::*:*:*:-
  From:    >= 20.0.0
  Up To:   <= 20.5.0

Configuration #2

  Product: Fedoraproject Fedora 37
  CPE23:   cpe:2.3:o:fedoraproject:fedora:37

  Product: Fedoraproject Fedora 38
  CPE23:   cpe:2.3:o:fedoraproject:fedora:38