BIT-node-2023-32558

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2023-32558.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-node-2023-32558

Aliases

CVE-2023-32558

Published

2024-03-06T10:59:45.565Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

The use of the deprecated API process.binding() can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

References

https://hackerone.com/reports/2051257

Affected packages

Bitnami / node

Package

Name: node
Purl: pkg:bitnami/node

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

20.0.0

Fixed

20.5.1