Lucene search
TniessenH1:2092852HistoryAug 01, 2023 - 10:30 p.m.
Node.js: Permission model improperly protects against path traversal
2023-08-0122:30:20
tniessen
hackerone.com
20
node.js
path traversal
vulnerability
patched
cve-2023-30584
commit 205f1e6
permission model
experimental
bug bounty
0.001 Low
EPSS
Percentile
22.2%
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE is issued, the permission model is an experimental feature of Node.js.
Related
debiancve
debiancve
osv
osv
BIT-node-2023-39331
2024-03-06 10:59:16
CVE-2023-39331
2023-10-18 04:15:11
BIT-2023-39331
2023-10-26 06:23:13
redhatcve
redhatcve
ubuntucve
ubuntucve
cvelist
cvelist
CVE-2023-39331
2023-10-18 03:55:18
CVE-2023-39332
2023-10-18 03:55:18
hackerone
hackerone
Internet Bug Bounty: Permission model improperly protects against path traversal in Node.js 20
2023-10-25 13:58:08
Node.js: Filesystem experimental permissions policy does not handle path traversal cases.
2023-04-18 18:34:13
Internet Bug Bounty: Path traversal by monkey-patching Buffer internals
2024-03-26 14:50:28
alpinelinux
alpinelinux
CVE-2023-39331
2023-10-18 04:15:11
CVE-2023-39332
2023-10-18 04:15:11
prion
prion
Path traversal
2023-10-18 04:15:00
Path traversal
2023-10-18 04:15:00
nvd
nvd
CVE-2023-39331
2023-10-18 04:15:11
CVE-2023-39332
2023-10-18 04:15:11
cve
cve
cgr
cgr
CVE-2023-39331 vulnerabilities
2024-05-19 03:07:16
CVE-2023-30584 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-30584 vulnerabilities
2024-06-27 09:08:32
CVE-2023-39331 vulnerabilities
2024-06-27 09:08:32
veracode
veracode
Path Traversal
2023-11-30 21:30:49
f5
f5
nessus
nessus
Fedora 38 : nodejs20 (2023-4d2fd884ea)
2023-10-26 00:00:00
Rocky Linux 8 : nodejs:20 (RLSA-2023:7205)
2023-11-28 00:00:00
Fedora 39 : nodejs20 (2023-7b52921cae)
2023-11-07 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.14 and earlier
2024-01-19 18:15:17
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0132
2023-11-01 00:00:00
openvas
openvas
Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Mac OS X
2023-10-12 00:00:00
Fedora: Security Advisory for nodejs20 (FEDORA-2023-7b52921cae)
2023-11-05 00:00:00
Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Windows
2023-10-12 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: nodejs20-20.8.1-1.fc38
2023-10-26 01:51:49
[SECURITY] Fedora 39 Update: nodejs20-20.8.1-1.fc39
2023-11-03 18:59:18
[SECURITY] Fedora 37 Update: nodejs20-20.8.1-1.fc37
2023-10-26 01:35:05
redhat
redhat
(RHSA-2023:7205) Important: nodejs:20 security update
2023-11-14 16:23:42
almalinux
almalinux
Important: nodejs:20 security update
2023-11-14 00:00:00
rocky
rocky
nodejs:20 security update
2023-11-28 22:43:02
oraclelinux
oraclelinux
nodejs:20 security update
2023-11-22 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2023-07-07 08:54:45
gentoo
gentoo
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
ics
ics
Siemens SINEC NMS
2024-02-15 12:00:00