CVE-2023-39331
HIGHNodejs Node.js < 20.8.1 - Path Traversal
Title source: ruleDescription
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Scores
CVSS v3
7.5
EPSS
0.0064
EPSS Percentile
70.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Classification
CWE
CWE-22
Status
published
Affected Products (1)
nodejs/node.js
< 20.8.1
Timeline
Published
Oct 18, 2023
Tracked Since
Feb 18, 2026