A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2023-10-18T03:55:18.506Z
Updated: 2024-09-13T15:17:11.067Z
Reserved: 2023-07-28T01:00:12.347Z
Link: CVE-2023-39331
Vulnrichment
Updated: 2024-08-02T18:02:07.096Z
NVD
Status : Modified
Published: 2023-10-18T04:15:11.257
Modified: 2024-11-21T08:15:10.470
Link: CVE-2023-39331
Redhat