A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.16-main | noarch | nodejs | =ย 16.20.2-r0 | UNKNOWN |
Alpine | 3.15-main | noarch | nodejs | =ย 16.20.2-r0 | UNKNOWN |
Alpine | 3.18-main | noarch | nodejs | =ย 18.20.1-r0 | UNKNOWN |
Alpine | 3.17-main | noarch | nodejs | =ย 18.20.1-r0 | UNKNOWN |
Alpine | edge-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | nodejs-current | <ย 20.8.1-r0 | UNKNOWN |