Path Traversal Vulnerability in Node.js Libraries
CVE-2023-39332

9.8CRITICAL

Key Information:

Vendor: Nodejs
Status: Node
Vendor: CVE Published:; 18 October 2023

What is CVE-2023-39332?

A path traversal vulnerability exists in Node.js due to improper handling of Uint8Array objects in file system operations. While Node.js includes protections against path traversal for strings and Buffer objects, it fails to implement similar safeguards for non-Buffer Uint8Array instances. This allows attackers to exploit file access pathways beyond intended directories, posing significant security risks. The vulnerability emerges amid the experimental permission model in Node.js, which heightens the need for caution in applications utilizing these features.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Node 4.0 < 4.*

Node 5.0 < 5.*

Node 6.0 < 6.*

References

https://hackerone.com/reports/2199818

https://lists.fedoraproject.org/archives/list/package-ann...

https://security.netapp.com/advisory/ntap-20231116-0009/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2023
Vulnerability Reserved
Jul 28, 2023

JSON

Nodejs

What is CVE-2023-39332?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.