Lucene search
HackeroneCVELIST:CVE-2023-32004HistoryAug 15, 2023 - 3:10 p.m.
CVE-2023-32004
2023-08-1515:10:19
hackerone
www.cve.org
cve-2023-32004
buffers
file system apis
traversal path bypass
experimental feature
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.
This vulnerability affects all users using the experimental permission model in Node.js 20.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CNA Affected
[
{
"defaultStatus": "unaffected",
"vendor": "Node.js",
"product": "Node.js",
"versions": [
{
"version": "20.5.0",
"status": "affected",
"lessThanOrEqual": "20.5.0",
"versionType": "semver"
}
]
}
]Related
redhatcve
redhatcve
CVE-2023-32004
2023-08-10 10:19:15
CVE-2023-39332
2023-10-16 16:49:58
ubuntucve
ubuntucve
CVE-2023-32004
2023-08-15 00:00:00
CVE-2023-39332
2023-10-18 00:00:00
cgr
cgr
CVE-2023-32004 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-32004 vulnerabilities
2024-06-17 03:08:17
alpinelinux
alpinelinux
CVE-2023-32004
2023-08-15 16:15:11
CVE-2023-39332
2023-10-18 04:15:11
nvd
nvd
CVE-2023-32004
2023-08-15 16:15:11
CVE-2023-39332
2023-10-18 04:15:11
hackerone
hackerone
Node.js: Permission model bypass by specifying a path traversal sequence in a buffer,
2023-06-26 06:45:26
Internet Bug Bounty: (CVE-2023-32004) Permission model bypass by specifying a path traversal sequence in a Buffer
2023-08-09 18:31:37
Node.js: Path traversal through path stored in Uint8Array
2023-10-10 12:45:46
cve
cve
CVE-2023-32004
2023-08-15 16:15:11
CVE-2023-39332
2023-10-18 04:15:11
osv
osv
CVE-2023-32004
2023-08-15 16:15:11
BIT-node-2023-32004
2024-03-06 11:00:15
BIT-2023-39332
2023-10-26 06:23:05
debiancve
debiancve
CVE-2023-32004
2023-08-15 16:15:11
CVE-2023-39332
2023-10-18 04:15:11
prion
prion
Path traversal
2023-08-15 16:15:00
Path traversal
2023-10-18 04:15:00
cvelist
cvelist
CVE-2023-39332
2023-10-18 03:55:18
openvas
openvas
Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Windows
2023-08-10 00:00:00
Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Mac OS X
2023-08-10 00:00:00
Fedora: Security Advisory for nodejs18 (FEDORA-2023-18476abd7e)
2023-08-19 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: nodejs20-20.5.1-1.fc38
2023-08-16 01:22:31
[SECURITY] Fedora 38 Update: nodejs18-18.17.1-1.fc38
2023-08-16 01:22:31
[SECURITY] Fedora 38 Update: nodejs16-16.20.2-1.fc38
2023-08-16 01:22:31
nessus
nessus
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:3355-1)
2023-08-19 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:3379-1)
2023-08-23 00:00:00
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:3356-1)
2023-08-19 00:00:00
ibm
ibm
f5
f5
K000135997 : Multiple Node.js vulnerabilities
2023-08-28 00:00:00
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00