CVE-2023-30584

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
https://security.netapp.com/advisory/ntap-20241108-0005/

Configurations

No configuration.

History

21 Nov 2024, 08:00

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20241108-0005/ -

09 Sep 2024, 19:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.7
CWE		CWE-22

09 Sep 2024, 13:03

Type	Values Removed	Values Added
Summary		(es) Se ha descubierto una vulnerabilidad en la versión 20 de Node.js, específicamente en el modelo de permisos experimental. Esta falla está relacionada con el manejo inadecuado de la omisión de la ruta de acceso al verificar los permisos de los archivos. Tenga en cuenta que, en el momento en que se emitió esta CVE, el modelo de permisos era una característica experimental de Node.js.

07 Sep 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-07 16:15

Updated : 2024-11-21 08:00

NVD link : CVE-2023-30584

Mitre link : CVE-2023-30584

CVE.ORG link : CVE-2023-30584

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

7.7 /10