PT-2023-6420 · Node.Js+4 · Node.Js+4

Tniessen

Publicado

2023-10-17

Atualizado

2024-12-16

CVE-2023-39332

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Node.js (affected versions not specified)

Description The issue is related to incorrect restriction of directory path names with limited access. Exploitation of this issue may allow an attacker to access confidential information. The problem involves node:fs functions that can specify paths as either strings or Uint8Array objects, and in Node.js environments, the Buffer class extends the Uint8Array class.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALSA-2023:7205

BDU:2023-07136

BIT-NODE-2023-39332

BIT-NODE-MIN-2023-39332

CESA-2023_7205

CVE-2023-39332

OPENSUSE-SU-2024:13337-1

RHSA-2023:7205

RHSA-2023_7205

RLSA-2023:7205

Produtos afetados

Almalinux

Centos

Node.Js

Red Hat

Rocky Linux

PT-2023-6420 · Node.Js+4 · Node.Js+4

CVE-2023-39332

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 49