First published: Tue Aug 15 2023
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. The flaw is improper handling of Buffers in file system APIs, which allows a path traversal to bypass the file permission check. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model was an experimental feature of Node.js.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nodejs Node.js | >=20.0.0, <=20.5.0 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
<=2.0 |
The vulnerability ID for this Node.js vulnerability is CVE-2023-32004.
The severity of CVE-2023-32004 is high, with a CVSS score of 8.8.
CVE-2023-32004 affects Node.js version 20.0.0 to 20.5.0.
The CWE ID for CVE-2023-32004 is CWE-22.
To fix CVE-2023-32004, it is recommended to update Node.js to a version beyond 20.5.0.
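The class of flaw described above (CWE-22 reached through a second input type) can be seen in a simplified allow-list check, shown next to a hardened form. This is an added example, not Node.js source code and not the actual patch; `ALLOWED_DIR`, the function names and the sample paths are constructed for illustration, and the model assumes absolute POSIX paths.

```javascript
// Added example: simplified model of a path permission check (not Node.js source).
// ALLOWED_DIR and all sample paths below are constructed for illustration.
const ALLOWED_DIR = '/srv/app/data';

// Collapse '.', '..' and repeated '/' in an absolute POSIX path.
function normalizePosix(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// True when p is dir itself or lies below it (the '/' guard rejects '/srv/app/database').
function isInside(dir, p) {
  return p === dir || p.startsWith(dir + '/');
}

// Weak form: strings are normalized, but a Buffer is compared as raw text,
// so '..' segments carried in a Buffer survive the check.
function weakCheck(input) {
  const p = typeof input === 'string' ? normalizePosix(input) : input.toString();
  return isInside(ALLOWED_DIR, p);
}

// Hardened form: every accepted input type is decoded to one string and
// normalized before the comparison; unknown types are rejected.
function hardenedCheck(input) {
  let p;
  if (typeof input === 'string') p = input;
  else if (Buffer.isBuffer(input)) p = input.toString('utf8');
  else return false;
  if (!p.startsWith('/') || p.includes('\0')) return false;
  return isInside(ALLOWED_DIR, normalizePosix(p));
}

const inside = '/srv/app/data/report.txt';
const outside = '/srv/app/data/../config/secret.txt'; // resolves outside ALLOWED_DIR

console.log('weak, string :', weakCheck(outside));
console.log('weak, Buffer :', weakCheck(Buffer.from(outside)));
console.log('hardened, Buffer:', hardenedCheck(Buffer.from(outside)));
```

The point for reviewers of any path-based access control: the decision must be made on the same canonical form for every input type the API accepts.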