First published: Tue Aug 15 2023(Updated: )
Node.js could allow a remote attacker to bypass security restrictions, caused by the improper handling of Buffers in file system APIs within the experimental permission model. By specifying a path traversal sequence in a Buffer, an attacker could exploit this vulnerability to cause a path traversal bypass when verifying file permissions.
Credit: support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nodejs Node.js | >=20.0.0<=20.5.0 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
<=2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Node.js vulnerability is CVE-2023-32004.
The severity of CVE-2023-32004 is high, with a CVSS score of 8.8.
CVE-2023-32004 affects Node.js version 20.0.0 to 20.5.0.
The CWE ID for CVE-2023-32004 is CWE-22.
To fix CVE-2023-32004, it is recommended to update Node.js to a version beyond 20.5.0.