CVE-2023-32004

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 15, 2023
Updated: Sep 15, 2023
CWE ID 22

Summary

CVE-2023-32004 is a newly discovered vulnerability affecting Node.js version 20 and its experimental permission model. This issue stems from a mishandling of Buffers in file system APIs, leading to a traversal path bypass when checking file permissions. The flaw puts all users employing the experimental permission model in Node.js 20 at risk. It is important to note that the experimental permission model is not a standard feature of Node.js.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Nodejs Node.js
  • Fedora Operating System

Affected Vendors

  • Fedora Project