SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:3355-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3355-1 advisory. - https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for...

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js version 20, which stems from a vulnerability that allows an attacker to retrieve statistical information from restricted files using fs.statfs...

Wednesday August 9th 2023 Security Releases

Wednesday August 9th 2023 Security Releases Update 09-August-2023 Security releases available Updates are now available for the v16.x, v18.x, and v20.x Node.js release lines for the following issues. Permissions policies can be bypassed via Module.load HIGHCVE-2023-32002 The use of Module.load ca...

Node.js: fs.statfs bypasses Permission Model

A vulnerability was found in Node.js version 20 that allowed malicious actors to bypass the permission model and retrieve file stats using the fs.statfs API, even if they did not have explicit read access to the file...

PT-2023-9687 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A flaw in the experimental permission model of Node.js version 20 allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used with a non-...