Lucene search
K

23 matches found

OSV
OSV
added 2024/03/06 10:59 a.m.42 views

BIT-NODE-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...

9.8CVSS8.4AI score0.01819EPSS
Exploits0References5
Hacker One
Hacker One
added 2023/11/17 5:45 p.m.61 views

Internet Bug Bounty: Path traversal through path stored in Uint8Array in Node.js 20

A path traversal vulnerability was discovered in Node.js 20 through paths stored in Uint8Array objects. The vulnerability allowed bypassing path sanitization protections and reading arbitrary files outside of a restricted directory. The issue was addressed by properly sanitizing Uint8Array paths ...

9.8CVSS8.5AI score0.01819EPSS
Exploits0
OSV
OSV
added 2023/10/26 6:23 a.m.48 views

BIT-2023-39332

Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings see CVE-2023-30584 and Buffer objects see CVE-2023-32004, but not through non-Buffer...

9.8CVSS7.2AI score0.01819EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2023/10/18 7:33 a.m.4 views

CVE-2023-32004

creationtimestamp| type| source ---|---|--- 2023-10-18 07:33:24+00:00| seen| https://t.me/cibsecurity/72477 2024-11-14 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08 2025-05-08 16:23:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15554...

8.8CVSS7AI score0.01817EPSS
Exploits0References3
Hacker One
Hacker One
added 2023/10/10 3:18 p.m.105 views

Node.js: Path traversal through path stored in Uint8Array

A vulnerability was discovered in Node.js that allowed path traversal through Uint8Array objects. This vulnerability affected users using the experimental permission model in Node.js 20...

9.8CVSS8.5AI score0.01819EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/24 12:0 a.m.44 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-304)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-304 advisory. The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Please note that at the time this CVE was issued, the policy...

9.8CVSS7.8AI score0.01484EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.37 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2023:3378-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3378-1 advisory. Update to LTS version 18.17.1. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. -...

9.8CVSS6.9AI score0.01484EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.30 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:3379-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3379-1 advisory. Update to LTS version 16.20.2. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. -...

9.8CVSS6.9AI score0.01484EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2023/08/19 12:0 a.m.59 views

Fedora 37 : nodejs16 / nodejs18 / nodejs20 (2023-18476abd7e)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-18476abd7e advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...

9.8CVSS7.3AI score0.01817EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2023/08/19 12:0 a.m.37 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:3355-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3355-1 advisory. Update to LTS version 16.20.2: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006:...

9.8CVSS6.9AI score0.01484EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2023/08/17 12:0 a.m.24 views

Fedora: Security Advisory for nodejs20 (FEDORA-2023-d12a917ab4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.01817EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2023/08/16 12:0 a.m.35 views

Fedora 38 : nodejs16 / nodejs18 / nodejs20 (2023-d12a917ab4)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d12a917ab4 advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...

9.8CVSS7.3AI score0.01817EPSS
Exploits3References8
Wolfi
Wolfi
added 2023/08/15 4:15 p.m.29 views

CVE-2023-32004 vulnerabilities

Vulnerabilities for packages: nodejs...

8.8CVSS9.5AI score0.01817EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2023/08/15 4:15 p.m.83 views

CVE-2023-32004

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...

8.8CVSS6.8AI score0.01817EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/08/15 3:10 p.m.17 views

CVE-2023-32004

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...

7AI score0.01817EPSS
Exploits0References4
CVE
CVE
added 2023/08/15 3:10 p.m.678 views

CVE-2023-32004

CVE-2023-32004 concerns Node.js 20, specifically its experimental permission model. Available sources describe a vulnerability in the file-system APIs where improper handling of Buffers can cause a traversal path to bypass file permission checks. The issue affects users operating under the experi...

8.8CVSS8.8AI score0.01817EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/08/15 3:10 p.m.26 views

CVE-2023-32004

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...

9.2AI score0.01817EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/08/15 3:10 p.m.35 views

CVE-2023-32004

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using th...

8.8CVSS7.3AI score0.01817EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/11 12:0 a.m.264 views

Node.js 16.x < 16.20.2 / 18.x < 18.17.1 / 20.x < 20.5.1 Multiple Vulnerabilities (Wednesday August 09 2023 Security Releases).

The version of Node.js installed on the remote host is prior to 16.20.2, 18.17.1, 20.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday August 09 2023 Security Releases advisory: - Permissions policies can be bypassed via Module.load CVE-2023-32002 -...

9.8CVSS7.1AI score0.01817EPSS
Exploits3References8
OpenVAS
OpenVAS
added 2023/08/10 12:0 a.m.21 views

Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

8.8CVSS7.5AI score0.01817EPSS
Exploits2References1
Rows per page
Query Builder