89 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via FileHandle.chmod or FileHandle.chown functions which can use a "read-only" file descriptor to change the owner and permissions of a file. Notes: - This is only exploitable for users using the experimental...
Azure Linux 3.0 Security Update: nodejs (CVE-2024-21891)
The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21891 advisory. - Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, whi...
Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)
The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...
EUVD-2023-36292
Malicious code in bioql PyPI...
EUVD-2024-19502
Malicious code in bioql PyPI...
EUVD-2024-19624
Malicious code in bioql PyPI...
EUVD-2023-34964
Malicious code in bioql PyPI...
EUVD-2024-36333
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-36137
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission...
Linux Distros Unpatched Vulnerability : CVE-2024-22018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises fro...
OESA-2025-1519 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js...
Linux Distros Unpatched Vulnerability : CVE-2024-21890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:...
OESA-2025-1200 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
OESA-2025-1199 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
BIT-NODE-MIN-2023-30587
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...
BIT-NODE-MIN-2023-32005
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.statfs API. As a result...
BIT-NODE-MIN-2024-21891
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...
BIT-NODE-MIN-2024-22018
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-768)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-768 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...
The vulnerability of the experimental-permission configuration in the Node.js software platform allows a hacker to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the experimental-permission configuration in the Node.js software platform is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...