Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-39331HistoryOct 18, 2023 - 4:15 a.m.
CVE-2023-39331
2023-10-1804:15:11
Alpine Linux Development Team
security.alpinelinux.org
10
cve-2023-39331
vulnerability
patch
insufficiency
path traversal
protection
overwriting
utility functions
user-defined
implementation
experimental feature
node.js
unix
0.001 Low
EPSS
Percentile
21.1%
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.16-main | noarch | nodejs | =ย 16.20.2-r0 | UNKNOWN |
| Alpine | 3.15-main | noarch | nodejs | =ย 16.20.2-r0 | UNKNOWN |
| Alpine | 3.18-main | noarch | nodejs | =ย 18.20.1-r0 | UNKNOWN |
| Alpine | 3.17-main | noarch | nodejs | =ย 18.20.1-r0 | UNKNOWN |
| Alpine | edge-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |
| Alpine | 3.18-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |
Related
osv
osv
BIT-node-2023-39331
2024-03-06 10:59:16
CVE-2023-39331
2023-10-18 04:15:11
BIT-2023-39331
2023-10-26 06:23:13
redhatcve
redhatcve
ubuntucve
ubuntucve
debiancve
debiancve
cvelist
cvelist
CVE-2023-39331
2023-10-18 03:55:18
CVE-2023-39332
2023-10-18 03:55:18
hackerone
hackerone
prion
prion
Path traversal
2023-10-18 04:15:00
Path traversal
2023-10-18 04:15:00
cve
cve
wolfi
wolfi
CVE-2023-39331 vulnerabilities
2024-06-02 09:07:39
CVE-2023-30584 vulnerabilities
2024-06-02 09:07:39
cgr
cgr
CVE-2023-39331 vulnerabilities
2024-05-19 03:07:16
CVE-2023-30584 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Path Traversal
2023-11-30 21:30:49
f5
f5
nessus
nessus
Rocky Linux 8 : nodejs:20 (RLSA-2023:7205)
2023-11-28 00:00:00
Fedora 38 : nodejs20 (2023-4d2fd884ea)
2023-10-26 00:00:00
Fedora 37 : nodejs20 (2023-f66fc0f62a)
2023-10-26 00:00:00
alpinelinux
alpinelinux
CVE-2023-39332
2023-10-18 04:15:11
ibm
ibm
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier
2024-01-19 18:15:17
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0132
2023-11-01 00:00:00
redhat
redhat
(RHSA-2023:7205) Important: nodejs:20 security update
2023-11-14 16:23:42
fedora
fedora
[SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38
2023-10-26 01:51:49
[SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37
2023-10-26 01:35:05
[SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39
2023-11-03 18:59:18
openvas
openvas
Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Mac OS X
2023-10-12 00:00:00
Fedora: Security Advisory for nodejs20 (FEDORA-2023-7b52921cae)
2023-11-05 00:00:00
Fedora: Security Advisory for nodejs20 (FEDORA-2023-f66fc0f62a)
2023-10-28 00:00:00
almalinux
almalinux
Important: nodejs:20 security update
2023-11-14 00:00:00
rocky
rocky
nodejs:20 security update
2023-11-28 22:43:02
oraclelinux
oraclelinux
nodejs:20 security update
2023-11-22 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2023-07-07 08:54:45
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00