Lucene search
HackeroneCVELIST:CVE-2023-30583HistorySep 07, 2024 - 4:00 p.m.
CVE-2023-30583
2024-09-0716:00:35
hackerone
www.cve.org
4
security flaw
file system
node.js
EPSS
0
Percentile
9.5%
fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob() API.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Node.js",
"product": "Node.js",
"versions": [
{
"version": "20.3.1",
"status": "affected",
"lessThan": "20.3.1",
"versionType": "semver"
}
]
}
]Related
ubuntucve
ubuntucve
CVE-2023-30583
2023-06-21 00:00:00
redhatcve
redhatcve
CVE-2023-30583
2023-07-05 15:17:53
osv
osv
BIT-node-2023-30583
2024-09-10 07:19:44
CGA-mp3v-hhvh-f5q3
2024-06-06 12:28:32
cgr
cgr
CVE-2023-30583 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2023-30583
2024-09-07 16:15:02
hackerone
hackerone
Node.js: fs.openAsBlob() bypasses permission system
2023-04-29 22:18:42
vulnrichment
vulnrichment
CVE-2023-30583
2024-09-07 16:00:35
cve
cve
CVE-2023-30583
2024-09-07 16:15:02
nvd
nvd
CVE-2023-30583
2024-09-07 16:15:02
wolfi
wolfi
CVE-2023-30583 vulnerabilities
2024-09-20 21:14:10
nodejsblog
nodejsblog
Tuesday June 20 2023 Security Releases
2023-06-20 00:00:00
ibm
ibm
nessus
nessus
Node.js 16.x < 16.20.1 / 18.x < 18.16.1 / 20.x < 20.3.1 Multiple Vulnerabilities (Tuesday June 20 2023 Security Releases).
2023-06-22 00:00:00
GLSA-202405-29 : Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities
2024-02-29 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2023-07-07 08:54:45
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0226)
2023-07-10 00:00:00
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00