What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2023-39332.

What functions are affected by this vulnerability?

Various `node:fs` functions are affected by this vulnerability.

What software is affected by this vulnerability?

Node.js versions up to 20.8.0 are affected by this vulnerability.

What is the severity rating of this vulnerability?

The severity rating of this vulnerability is critical with a rating of 9.8.

Are there any references for this vulnerability?

Yes, you can find references for this vulnerability at the following links: [Link 1](https://hackerone.com/reports/2199818), [Link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/), [Link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/).

What is the Common Weakness Enumeration (CWE) ID associated with this vulnerability?

The Common Weakness Enumeration (CWE) ID associated with this vulnerability is CWE-22.

Vulnerability/
CVE-2023-39332

critical

9.8

CWE

16/10/2023

18/10/2023

13/9/2024

CVE-2023-39332: Path Traversal

First published: Mon Oct 16 2023(Updated: )

Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass using non-Buffer Uint8Array objects. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the experimental permission model.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Nodejs Node.js	>=20.0.0<20.8.0
Fedoraproject Fedora	=39
IBM Cognos Analytics	<=12.0.0-12.0.2
IBM Cognos Analytics	<=11.2.0-11.2.4 FP3

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7156941

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-39332.
What functions are affected by this vulnerability?
Various `node:fs` functions are affected by this vulnerability.
What software is affected by this vulnerability?
Node.js versions up to 20.8.0 are affected by this vulnerability.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is critical with a rating of 9.8.
Are there any references for this vulnerability?
Yes, you can find references for this vulnerability at the following links: [Link 1](https://hackerone.com/reports/2199818), [Link 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/), [Link 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/).
What is the Common Weakness Enumeration (CWE) ID associated with this vulnerability?
The Common Weakness Enumeration (CWE) ID associated with this vulnerability is CWE-22.

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/first-publish-date
agent/weakness
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-39332
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/references
agent/severity
agent/description
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/trending
vendor/nodejs
canonical/nodejs node.js
version/nodejs node.js/20.0.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/39
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/12.0.0-12.0.2
version/ibm cognos analytics/11.2.0-11.2.4 fp3