CVE-2023-32004

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 15, 2023

Updated: Sep 15, 2023

CWE ID 22

Summary

CVE-2023-32004 is a newly discovered vulnerability affecting Node.js version 20 and its experimental permission model. This issue stems from a mishandling of Buffers in file system APIs, leading to a traversal path bypass when checking file permissions. The flaw puts all users employing the experimental permission model in Node.js 20 at risk. It is important to note that the experimental permission model is not a standard feature of Node.js.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nodejs Node.js
Fedora Operating System

Affected Vendors

Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sSLiMf
https://www.cve.org/CVERecord?id=CVE-2023-32004
https://nvd.nist.gov/vuln/detail/CVE-2023-32004

Back to Vulnerability Database