CVE-2023-30584

HIGH

Node.js < 20.3.1 - Path Traversal Bypass in Experimental Permission Model

Description

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. The flaw is a path traversal bypass caused by improper handling of paths when verifying file permissions. Please note that at the time this CVE was issued, the permission model was an experimental feature of Node.js.

Scores

CVSS v3 7.7
EPSS 0.0001
EPSS Percentile 2.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (15)
NodeJS/Node 10.0 - 10.*
NodeJS/Node 11.0 - 11.*
NodeJS/Node 12.0 - 12.*
NodeJS/Node 13.0 - 13.*
NodeJS/Node 14.0 - 14.*
NodeJS/Node 15.0 - 15.*
NodeJS/Node 17.0 - 17.*
NodeJS/Node 19.0 - 19.*
NodeJS/Node 20.0 - 20.3.1
NodeJS/Node 4.0 - 4.*
... and 5 more
Published Sep 07, 2024
Tracked Since Feb 18, 2026