4 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-36137
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission...
ALPINE-CVE-2024-36137
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...
UBUNTU-CVE-2024-36137
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...
Authorization Bypass
Overview Affected versions of this package are vulnerable to Authorization Bypass via fs.fchown or fs.fchmod operations which can use a "read-only" file descriptor to change the owner and permissions of a file. Note: This is only exploitable for users using the experimental permission when the...