A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 09 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Nodejs
Nodejs nodejs
CPEs cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*
Vendors & Products Nodejs
Nodejs nodejs
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Sat, 07 Sep 2024 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2024-09-07T16:00:35.915Z

Updated: 2024-11-08T15:02:45.393Z

Reserved: 2023-04-13T01:00:12.085Z

Link: CVE-2023-30584

cve-icon Vulnrichment

Updated: 2024-11-08T15:02:45.393Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-07T16:15:02.167

Modified: 2024-11-21T08:00:27.870

Link: CVE-2023-30584

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-06-20T00:00:00Z

Links: CVE-2023-30584 - Bugzilla