CVE-2023-39332

🗓️ 18 Oct 2023 03:55:18Reported by hackeroneType

Various 'node:fs' functions allow specifying paths as strings or Uint8Array objects. Node.js prevents path traversal through strings and Buffer objects but not through non-Buffer Uint8Array objects. (CVE-2023-39332

Reporter	Title	Published	Views	Family All 78
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier	19 Jan 202418:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	17 Jan 202407:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities	15 Apr 202502:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities	6 Dec 202316:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components	7 May 202419:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node.js	11 Dec 202309:42	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0247: nodejs:20 (ALINUX3-SA-2024:0247)	14 May 202500:00	–	nessus
Tenable Nessus	Fedora 38 : nodejs20 (2023-4d2fd884ea)	26 Oct 202300:00	–	nessus
Tenable Nessus	Fedora 39 : nodejs20 (2023-7b52921cae)	7 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 37 : nodejs20 (2023-f66fc0f62a)	26 Oct 202300:00	–	nessus

NVD

Vulners

Node

nodejs node.jsRange20.0.0–20.8.0-

Node

fedoraproject fedoraMatch39

[
  {
    "product": "Node",
    "vendor": "NodeJS",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "4.0",
        "status": "affected",
        "lessThan": "4.*"
      },
      {
        "versionType": "semver",
        "version": "5.0",
        "status": "affected",
        "lessThan": "5.*"
      },
      {
        "versionType": "semver",
        "version": "6.0",
        "status": "affected",
        "lessThan": "6.*"
      },
      {
        "versionType": "semver",
        "version": "7.0",
        "status": "affected",
        "lessThan": "7.*"
      },
      {
        "versionType": "semver",
        "version": "8.0",
        "status": "affected",
        "lessThan": "8.*"
      },
      {
        "versionType": "semver",
        "version": "9.0",
        "status": "affected",
        "lessThan": "9.*"
      },
      {
        "versionType": "semver",
        "version": "10.0",
        "status": "affected",
        "lessThan": "10.*"
      },
      {
        "versionType": "semver",
        "version": "11.0",
        "status": "affected",
        "lessThan": "11.*"
      },
      {
        "versionType": "semver",
        "version": "12.0",
        "status": "affected",
        "lessThan": "12.*"
      },
      {
        "versionType": "semver",
        "version": "13.0",
        "status": "affected",
        "lessThan": "13.*"
      },
      {
        "versionType": "semver",
        "version": "14.0",
        "status": "affected",
        "lessThan": "14.*"
      },
      {
        "versionType": "semver",
        "version": "15.0",
        "status": "affected",
        "lessThan": "15.*"
      },
      {
        "versionType": "semver",
        "version": "16.0",
        "status": "affected",
        "lessThan": "16.*"
      },
      {
        "versionType": "semver",
        "version": "17.0",
        "status": "affected",
        "lessThan": "17.*"
      },
      {
        "versionType": "semver",
        "version": "19.0",
        "status": "affected",
        "lessThan": "19.*"
      },
      {
        "versionType": "semver",
        "version": "20.0",
        "status": "affected",
        "lessThan": "20.8.1"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2199818
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
security	www.security.netapp.com/advisory/ntap-20231116-0009/
security	www.security.netapp.com/advisory/ntap-20241108-0002/

03 Nov 2025 22:16Current

8.6High risk

Vulners AI Score8.6

CVSS 3.19.8

EPSS0.01819

SSVC

CWE-22