21 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-39331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the...
EUVD-2023-43062
Malicious code in bioql PyPI...
BIT-NODE-MIN-2023-39331
A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...
CVE-2023-30584 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30584 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30584
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an...
CVE-2023-30584
CVE-2023-30584 affects Node.js 20 with the experimental permission model. It describes a path traversal bypass in how file permissions are verified due to improper handling within the experimental permission model. The vulnerability is described as local with high confidentiality and integrity im...
CVE-2023-30584
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an...
BIT-NODE-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
Internet Bug Bounty: Path traversal through path stored in Uint8Array in Node.js 20
A path traversal vulnerability was discovered in Node.js 20 through paths stored in Uint8Array objects. The vulnerability allowed bypassing path sanitization protections and reading arbitrary files outside of a restricted directory. The issue was addressed by properly sanitizing Uint8Array paths ...
BIT-2023-39331
A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.Please...
BIT-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
Internet Bug Bounty: Permission model improperly protects against path traversal in Node.js 20
A path traversal vulnerability was introduced in Node.js 20 due to insufficient patching of CVE-2023-30584. The vulnerability arises because the permission model implementation does not protect itself against the application overwriting built-in utility functions like path.resolve with user-defin...
CVE-2023-30584
creationtimestamp| type| source ---|---|--- 2023-10-18 07:33:24+00:00| seen| https://t.me/cibsecurity/72477 2023-10-18 07:33:25+00:00| seen| https://t.me/cibsecurity/72478 2024-09-07 19:20:37+00:00| seen| https://t.me/cvedetector/5033 2024-11-14 12:00:00+00:00| seen|...
Path traversal
A previously disclosed vulnerability CVE-2023-30584 was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please...
CVE-2023-39331
The CVE-2023-39331 entry concerns Node.js 20 with the experimental permission model. The vulnerability stems from insufficient protection against path traversal when the application overwrites built-in utility functions with user-defined implementations, following a previously disclosed issue (CV...
Node.js: Path traversal through path stored in Uint8Array
A vulnerability was discovered in Node.js that allowed path traversal through Uint8Array objects. This vulnerability affected users using the experimental permission model in Node.js 20...
Node.js: Permission model improperly protects against path traversal
Vulnerability description not provided...
SUSE CVE-2023-30584
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an...
Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...