
9 matches found

OSV
added 2025/10/08 5:56 p.m. · 6 views

GHSA-QQ26-84MH-26J9 Deno's --deny-read check does not prevent permission bypass

Summary: Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explicit read access to (the script is executed with --deny-read=./). Similar APIs like Deno.stat a...

3.3 CVSS · 6.7 AI score · 0.00178 EPSS
Exploits 1 · References 7

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-19624

Malicious code in bioql PyPI...

2.9 CVSS · 5.9 AI score · 0.00458 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/08/10 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-22018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises fro...

2.9 CVSS · 6.2 AI score · 0.00458 EPSS
Exploits 0 · References 3

OSV
added 2025/02/28 3:33 p.m. · 5 views

OESA-2025-1200 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5 CVSS · 7.1 AI score · 0.01104 EPSS
Exploits 0 · References 3

OSV
added 2024/12/16 1:54 p.m. · 11 views

BIT-NODE-MIN-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

2.9 CVSS · 5 AI score · 0.00458 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2024/11/14 12:00 a.m. · 18 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-768)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-768 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...

6.5 CVSS · 6.8 AI score · 0.01104 EPSS
Exploits 1 · References 10

OSV
added 2024/07/10 2:15 a.m. · 4 views

UBUNTU-CVE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

2.9 CVSS · 6.6 AI score · 0.00458 EPSS
Exploits 0 · References 7

Snyk
added 2024/07/09 10:12 a.m. · 1 views

Authorization Bypass

Overview: Affected versions of this package are vulnerable to Authorization Bypass due to a failure to restrict file stats through the fs.lstat API that allows attackers to retrieve stats from files to which they do not have explicit read access. Note: This is exploitable only for users of the...

4.2 CVSS · 6.8 AI score · 0.00458 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/06/25 12:00 a.m. · 6 views

PT-2023-9687 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js version 20
Description: A flaw in the experimental permission model of Node.js version 20 allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used with a non-...

9.8 CVSS · 6.7 AI score · 0.01817 EPSS
Exploits 3 · References 26