Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/23 2:50 p.m.9 views

BIT-NODE-MIN-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.8AI score0.00208EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.14 views

TencentOS Server 3: nodejs:20 (TSSA-2024:0765)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0765 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

6.5CVSS6.8AI score0.01104EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:12 a.m.11 views

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

...

2.9CVSS6.6AI score0.00458EPSS
Exploits0
OSV
OSV
added 2024/12/16 1:59 p.m.23 views

BIT-NODE-MIN-2023-30583

fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...

7.5CVSS6AI score0.00722EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.10 views

PT-2024-5124

Name of the Vulnerable Software and Affected Versions: Node.js versions 20 through 21 Description: A flaw in the experimental permission model of Node.js allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used. This issue...

2.9CVSS6.6AI score0.00458EPSS
Exploits0References270
Rows per page
Query Builder