[ALPINE:CVE-2023-39332] nodejs-current vulnerability
Severity: Critical
Affected Packages: 15
Fixed Packages: 15
CVEs: 1
[From CVE-2023-39332] Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.

This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
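An application-level guard that applies the lesson of this advisory, as an added example (it is not Node.js's permission-model code and not part of the advisory): containment is checked after decoding the argument, so strings, `Buffer` objects and plain `Uint8Array` objects all take the same path. The function names, base directory and sample paths are constructed for illustration.

```javascript
const path = require('node:path');

// Decode a path argument into text. node:fs accepts strings and Uint8Array;
// Buffer extends Uint8Array, so testing the base class covers both and does
// not leave plain Uint8Array values on an unchecked code path.
function pathToText(candidate) {
  if (typeof candidate === 'string') return candidate;
  if (candidate instanceof Uint8Array) {
    // Honour byteOffset/byteLength so views over a larger ArrayBuffer decode correctly.
    return Buffer.from(candidate.buffer, candidate.byteOffset, candidate.byteLength)
      .toString('utf8');
  }
  throw new TypeError('path must be a string, Buffer or Uint8Array');
}

// Resolve candidate under baseDir and refuse anything that lands outside it.
function resolveInside(baseDir, candidate) {
  const text = pathToText(candidate);
  if (text.includes('\0')) throw new Error('NUL byte in path');
  const base = path.resolve(baseDir);
  const full = path.resolve(base, text);
  const rel = path.relative(base, full);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes base directory');
  }
  return full;
}

// Constructed inputs: the same relative path in all three representations.
function demo(baseDir = '/srv/app/data') {
  const escaping = '../../etc/hostname';
  const inputs = {
    string: escaping,
    buffer: Buffer.from(escaping),
    uint8array: new TextEncoder().encode(escaping), // not a Buffer
    insideUint8array: new TextEncoder().encode('reports/q3.csv'),
  };
  const outcome = {};
  for (const [kind, value] of Object.entries(inputs)) {
    try {
      outcome[kind] = resolveInside(baseDir, value);
    } catch (err) {
      outcome[kind] = 'rejected: ' + err.message;
    }
  }
  return outcome;
}

console.log(demo());
```

Pass the returned string to `node:fs` rather than the original bytes. The check is lexical only and does not resolve symlinks.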
- ID: ALPINE:CVE-2023-39332
- Severity: critical
- Severity from: CVE-2023-39332
- URL: https://security.alpinelinux.org/vuln/CVE-2023-39332
- Published: 2023-10-18T04:15:11 (11 months ago)
- Modified: 2023-10-18T04:15:11 (11 months ago)
- Rights: Alpine Linux Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | x86_64 | |
Affected | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | x86_64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | x86_64 | |
Affected | pkg:apk/alpine/nodejs-current?arch=x86_64&distro=alpine-3.18 | alpine | nodejs-current | < 20.8.1-r0 | alpine-3.18 | x86_64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | x86 | |
Affected | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | x86 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | x86 | |
Affected | pkg:apk/alpine/nodejs-current?arch=x86&distro=alpine-3.18 | alpine | nodejs-current | < 20.8.1-r0 | alpine-3.18 | x86 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | s390x | |
Affected | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | s390x | |
Fixed | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | s390x | |
Affected | pkg:apk/alpine/nodejs-current?arch=s390x&distro=alpine-3.18 | alpine | nodejs-current | < 20.8.1-r0 | alpine-3.18 | s390x | |
Fixed | pkg:apk/alpine/nodejs-current?arch=riscv64&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | riscv64 | |
Affected | pkg:apk/alpine/nodejs-current?arch=riscv64&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | riscv64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | ppc64le | |
Affected | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | ppc64le | |
Fixed | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | ppc64le | |
Affected | pkg:apk/alpine/nodejs-current?arch=ppc64le&distro=alpine-3.18 | alpine | nodejs-current | < 20.8.1-r0 | alpine-3.18 | ppc64le | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | armv7 | |
Affected | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | armv7 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | armv7 | |
Affected | pkg:apk/alpine/nodejs-current?arch=armv7&distro=alpine-3.18 | alpine | nodejs-current | < 20.8.1-r0 | alpine-3.18 | armv7 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | armhf | |
Affected | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | armhf | |
Fixed | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | armhf | |
Affected | pkg:apk/alpine/nodejs-current?arch=armhf&distro=alpine-3.18 | alpine | nodejs-current | < 20.8.1-r0 | alpine-3.18 | armhf | |
Fixed | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-edge | alpine | nodejs-current | = 20.8.1-r0 | alpine-edge | aarch64 | |
Affected | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-edge | alpine | nodejs-current | < 20.8.1-r0 | alpine-edge | aarch64 | |
Fixed | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-3.18 | alpine | nodejs-current | = 20.8.1-r0 | alpine-3.18 | aarch64 | |
Affected | pkg:apk/alpine/nodejs-current?arch=aarch64&distro=alpine-3.18 | alpine | nodejs-current | < 20.8.1-r0 | alpine-3.18 | aarch64 | |