CVE-2023-30584

HIGH7.7EPSS 0.01%

發布日:2024/9/10修改日:2025/4/3

描述

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

受影響套件(2)

Bitnami/node>= 20.0.0, < 20.3.1
Bitnami/node-min>= 20.0.0, < 20.3.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.7	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(3)

WEBhttps://nodejs.org/en/blog/vulnerability/june-2023-security-releases
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2023-30584
WEBhttps://security.netapp.com/advisory/ntap-20241108-0005/