PT-2023-6420 · Node.js +4

Tniessen · Published 2023-10-17 · Updated 2024-12-16 · CVE-2023-39332

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Node.js (affected versions not specified)

Description

The issue is an improper limitation of a pathname to a restricted directory. Exploitation of this issue may allow an attacker to access confidential information. The problem involves node:fs functions, which accept paths either as strings or as Uint8Array objects; in Node.js environments, the Buffer class extends the Uint8Array class.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

ALSA-2023:7205
BDU:2023-07136
BIT-NODE-2023-39332
BIT-NODE-MIN-2023-39332
CESA-2023_7205
CVE-2023-39332
OPENSUSE-SU-2024:13337-1
RHSA-2023:7205
RHSA-2023_7205
RLSA-2023:7205

Affected Products

AlmaLinux
CentOS
Node.js
Red Hat
Rocky Linux