Lucene search
K

89 matches found

Snyk
Snyk
added 2026/03/26 8:19 a.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via FileHandle.chmod or FileHandle.chown functions which can use a "read-only" file descriptor to change the owner and permissions of a file. Notes: - This is only exploitable for users using the experimental...

4.4CVSS6.6AI score0.00395EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21891)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21891 advisory. - Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, whi...

8.8CVSS5.6AI score0.01245EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.2 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...

9.8CVSS5.5AI score0.01262EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-36292

Malicious code in bioql PyPI...

8.8CVSS7.3AI score0.01817EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19502

Malicious code in bioql PyPI...

8.8CVSS7.1AI score0.01245EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19624

Malicious code in bioql PyPI...

2.9CVSS5.9AI score0.00458EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-34964

Malicious code in bioql PyPI...

7.5CVSS6.8AI score0.00722EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-36333

Malicious code in bioql PyPI...

3.3CVSS5.9AI score0.00395EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-36137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission...

3.3CVSS6.1AI score0.00395EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-22018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises fro...

2.9CVSS6.2AI score0.00458EPSS
Exploits0References3
OSV
OSV
added 2025/05/16 1:24 p.m.7 views

OESA-2025-1519 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js...

3.3CVSS7AI score0.00395EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-21890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:...

6.5CVSS6.6AI score0.00945EPSS
Exploits0References2
OSV
OSV
added 2025/02/28 3:33 p.m.5 views

OESA-2025-1200 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5CVSS7.1AI score0.01104EPSS
Exploits0References3
OSV
OSV
added 2025/02/28 3:33 p.m.5 views

OESA-2025-1199 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5CVSS7.1AI score0.01104EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:58 p.m.14 views

BIT-NODE-MIN-2023-30587

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...

7.5CVSS7.3AI score0.00747EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:57 p.m.15 views

BIT-NODE-MIN-2023-32005

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.statfs API. As a result...

5.3CVSS6.7AI score0.01191EPSS
Exploits1References3
OSV
OSV
added 2024/12/16 1:55 p.m.15 views

BIT-NODE-MIN-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...

8.8CVSS7.7AI score0.01245EPSS
Exploits0References7
OSV
OSV
added 2024/12/16 1:54 p.m.11 views

BIT-NODE-MIN-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

2.9CVSS5AI score0.00458EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.20 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-768)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-768 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...

6.5CVSS6.8AI score0.01104EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2024/10/29 12:0 a.m.8 views

The vulnerability of the experimental-permission configuration in the Node.js software platform allows a hacker to bypass security restrictions and gain unauthorized access to protected information.

The vulnerability of the experimental-permission configuration in the Node.js software platform is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...

9CVSS6.9AI score0.01817EPSS
Exploits0References11Affected Software3
Rows per page
Query Builder