18 matches found
EUVD-2026-39608
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48935
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48935
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
...
The vulnerability of the fs.statfs function in the Node.js software platform allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the fs.statfs function in the Node.js software platform is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the...
BIT-NODE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2024-22018
A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to...
SUSE CVE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
AZL-43213 CVE-2024-22018 affecting package nodejs 20.14.0-13
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2024-22018
CVE-2024-22018 describes a vulnerability in Node.js under the experimental permission model when using the --allow-fs-read flag. The issue stems from an inadequate permission model that does not restrict file stats via the fs.lstat API, allowing an attacker to retrieve statistics for files to whi...
CVE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
CVE-2023-32005
CVE-2023-32005 affects Node.js 20 when using the experimental permission model. The issue stems from an inadequate permission model that fails to restrict file stats via fs.statfs, allowing a user with --allow-fs-read and a non-* path to retrieve stats on files they do not have read access to. Af...
The vulnerability of the fs.watchFile method in the Node.js software platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the fs.watchFile method in the Node.js software platform is related to errors in using the --allow-fs-read flag with an argument other than =. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the fs.openAsBlob() method in the Node.js software platform allows attackers to compromise the integrity of protected information.
The vulnerability of the fs.openAsBlob method in the Node.js programming platform is related to errors in using the --allow-fs-read flag for file system access. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information...
CVE-2023-32005
A vulnerability was found in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.statfs API. As a result, malicious actors ca...
CVE-2023-30582
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument...
PT-2023-4525 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: The issue is related to the fs.openAsBlob method in Node.js, which can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag. This flaw arises from a...