CVE-2023-39331
CVSS v3.1
7.5 (High)
EPSS
0.07 % (31th)
Affected Products
1
Advisories
9
NVD Status
Analyzed
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Weaknesses
- CWE-22
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Related CVEs
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- HackerOne
- Published Date
-
2023-10-18 04:15:11
(11 months ago) - Updated Date
-
2024-06-18 15:09:45
(3 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...