CVE-2023-30584

Name of the Vulnerable Software and Affected Versions Node.js version 20

Description A vulnerability has been discovered in Node.js, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. The vulnerability may allow a remote attacker to impact the integrity of protected information due to incorrect restriction of the directory path name with limited access.

Recommendations For Node.js version 20, as a temporary workaround, consider disabling the experimental permission model until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the vulnerable permission model in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.