CVE-2023-32004

Name of the Vulnerable Software and Affected Versions Node.js version 20

Description A vulnerability has been discovered in the experimental permission model of Node.js, specifically related to improper handling of Buffers in file system APIs, causing a traversal path to bypass when verifying file permissions. This issue affects all users using the experimental permission model in Node.js 20. The vulnerability can be exploited by specifying a path traversal sequence in a Buffer, allowing an attacker to bypass security restrictions and gain unauthorized access to protected information.

Recommendations For Node.js version 20, consider disabling the experimental permission model until a patch is available. As a temporary workaround, restrict access to file system APIs to minimize the risk of exploitation. Avoid using Buffers with path traversal sequences in file system APIs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.