12 matches found
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
...
BIT-NODE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2024-22018
A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to...
SUSE CVE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
AZL-43213 CVE-2024-22018 affecting package nodejs 20.14.0-13
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2024-22018
CVE-2024-22018 describes a vulnerability in Node.js under the experimental permission model when using the --allow-fs-read flag. The issue stems from an inadequate permission model that does not restrict file stats via the fs.lstat API, allowing an attacker to retrieve statistics for files to whi...
CVE-2023-32005
CVE-2023-32005 affects Node.js 20 when using the experimental permission model. The issue stems from an inadequate permission model that fails to restrict file stats via fs.statfs, allowing a user with --allow-fs-read and a non-* path to retrieve stats on files they do not have read access to. Af...
CVE-2023-32005
A vulnerability was found in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.statfs API. As a result, malicious actors ca...
CVE-2023-30582
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument...
PT-2023-4525 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: The issue is related to the fs.openAsBlob method in Node.js, which can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag. This flaw arises from a...