A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2023-10-18T03:55:18.506Z

Updated: 2024-09-13T15:17:11.067Z

Reserved: 2023-07-28T01:00:12.347Z

Link: CVE-2023-39331

cve-icon Vulnrichment

Updated: 2024-08-02T18:02:07.096Z

cve-icon NVD

Status : Modified

Published: 2023-10-18T04:15:11.257

Modified: 2024-11-21T08:15:10.470

Link: CVE-2023-39331

cve-icon Redhat

Severity : Important

Publid Date: 2023-10-13T00:00:00Z

Links: CVE-2023-39331 - Bugzilla