23 matches found
BIT-NODE-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
Internet Bug Bounty: Path traversal through path stored in Uint8Array in Node.js 20
A path traversal vulnerability was discovered in Node.js 20 through paths stored in Uint8Array objects. The vulnerability allowed bypassing path sanitization protections and reading arbitrary files outside of a restricted directory. The issue was addressed by properly sanitizing Uint8Array paths ...
BIT-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...
CVE-2023-32004
creationtimestamp| type| source ---|---|--- 2023-10-18 07:33:24+00:00| seen| https://t.me/cibsecurity/72477 2024-11-14 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08 2025-05-08 16:23:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15554...
Node.js: Path traversal through path stored in Uint8Array
A vulnerability was discovered in Node.js that allowed path traversal through Uint8Array objects. This vulnerability affected users using the experimental permission model in Node.js 20...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-304)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-304 advisory. The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Please note that at the time this CVE was issued, the policy...
SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:3378-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3378-1 advisory. Update to LTS version 18.17.1. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. -...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:3379-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3379-1 advisory. Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. -...
Fedora 37 : nodejs16 / nodejs18 / nodejs20 (2023-18476abd7e)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-18476abd7e advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:3355-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3355-1 advisory. Update to LTS version 16.20.2: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006:...
Fedora: Security Advisory for nodejs20 (FEDORA-2023-d12a917ab4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : nodejs16 / nodejs18 / nodejs20 (2023-d12a917ab4)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d12a917ab4 advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...
CVE-2023-32004 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...
CVE-2023-32004
CVE-2023-32004 concerns Node.js 20, specifically its experimental permission model. Available sources describe a vulnerability in the file-system APIs where improper handling of Buffers can cause a traversal path to bypass file permission checks. The issue affects users operating under the experi...
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...
Node.js 16.x < 16.20.2 / 18.x < 18.17.1 / 20.x < 20.5.1 Multiple Vulnerabilities (Wednesday August 09 2023 Security Releases).
The version of Node.js installed on the remote host is prior to 16.20.2, 18.17.1, 20.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday August 09 2023 Security Releases advisory: - Permissions policies can be bypassed via Module.load CVE-2023-32002 -...
Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...