Lucene search
+L

4 matches found

OSV
OSV
added 2 days ago4 views

CVE-2026-60085 PraisonAI before 4.6.78 Unenforced Security Policy in Subprocess Sandbox

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS6.3AI score0.00241EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/30 9:31 p.m.5 views

EUVD-2026-17180

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

3.3CVSS6.7AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2024/09/07 4:15 p.m.8 views

AZL-48849 CVE-2024-36137 affecting package nodejs 20.14.0-13

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

3.3CVSS6.6AI score0.00395EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/08/26 8:12 a.m.7 views

nodejs: fs.fchown/fchmod bypasses permission model

A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner...

3.3CVSS7.3AI score0.00395EPSS
Exploits0References4
Rows per page
Query Builder