CVE-2023-32003
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-32003 is a vulnerability in Node.js version 20 that allows the permission model check to be bypassed through a path traversal attack using the `fs.mkdtemp()` and `fs.mkdtempSync()` functions. The issue arises from a missing check in the `fs.mkdtemp()` API, which lets malicious actors create arbitrary directories. It affects all users of the experimental permission model in Node.js 20. The permission model in Node.js 20 is an experimental feature, and its exploitation may lead to serious consequences.
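An added example, not Node.js's own code or its patch: a path-prefix permission check of the kind the summary describes, with a raw string comparison beside one that resolves the directory `mkdtemp()` would actually create. The allowed root `/srv/app/tmp`, the working directory `/srv/app`, and all function names are assumptions made for this illustration.

```javascript
const path = require('node:path').posix; // POSIX semantics, same result on any host

// Hypothetical policy: directory trees the process may write to (constructed value).
const ALLOWED_WRITE_ROOTS = ['/srv/app/tmp'];

// True when `target` is `root` itself or lies beneath it, after normalization.
function isInside(root, target) {
  const rel = path.relative(path.resolve(root), path.resolve(target));
  return rel === '' ||
    (rel !== '..' && !rel.startsWith('../') && !path.isAbsolute(rel));
}

// Weak check: compares the raw prefix string, so "../" segments are never collapsed.
function naiveAllowsMkdtemp(prefix, roots = ALLOWED_WRITE_ROOTS) {
  return roots.some((root) => prefix.startsWith(root + '/'));
}

// Stricter check: mkdtemp() appends six random characters to the prefix, so the
// decision is made on the resolved parent of the directory that would be created.
function allowsMkdtemp(prefix, roots = ALLOWED_WRITE_ROOTS, cwd = '/srv/app') {
  if (typeof prefix !== 'string' || prefix.includes('\0')) return false;
  const wouldCreate = path.resolve(cwd, prefix + 'XXXXXX');
  return roots.some((root) => isInside(root, path.dirname(wouldCreate)));
}

// Constructed sample prefixes, evaluated under both checks.
function compareChecks() {
  const samples = [
    '/srv/app/tmp/job-',        // inside the allowed tree
    'tmp/job-',                 // relative, resolves inside the allowed tree
    '/srv/app/tmp/../other/x-', // starts with the root but resolves outside it
    '/srv/app/tmp',             // would create a sibling such as /srv/app/tmpXXXXXX
  ];
  return samples.map((prefix) => ({
    prefix,
    naive: naiveAllowsMkdtemp(prefix),
    strict: allowsMkdtemp(prefix),
  }));
}

console.table(compareChecks());
```

The check is lexical only: it does not follow symbolic links, so a policy that must account for them also needs to resolve the real path of the parent directory.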
Affected Products
- Nodejs Node.js
- Fedora Operating System
Affected Vendors
- Fedora Project