CVE-2023-39331

CVSS v3.1 7.5 (High)

EPSS 0.07 % (31^th)

Affected Products 1

Advisories 9

NVD Status Analyzed

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.

Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Weaknesses

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related CVEs

CVE-2023-30584

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: HackerOne
Published Date: 2023-10-18 04:15:11
(11 months ago)
Updated Date: 2024-06-18 15:09:45
(3 months ago)

Affected Products

Nodejs

Node.js

Configuration #1

		CPE23	From	Up To
	Nodejs Node.js from 20.0.0 version and prior 20.8.1 version	cpe:2.3:a:nodejs:node.js::::*:-	>= 20.0.0	< 20.8.1