Bug 2219829 (CVE-2023-30584)
| Summary: | CVE-2023-30584 nodejs: path traversal bypass in experimental permission model | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | hhorak, jorton, nodejs-maint |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Node 20.3.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js. | ||
| Bug Depends On: | 2220697, 2220698, 2220693, 2220694, 2220695, 2220696, 2220699, 2220700, 2220701, 2220702, 2220703, 2220704 | ||
| Bug Blocks: | 2217661 | ||
Description
Dhananjay Arunesh
2023-07-05 14:51:53 UTC
Created nodejs tracking bugs for this issue:
Affects: epel-all [bug 2220698]
Affects: fedora-all [bug 2220696]

Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2220695]

Created nodejs:16-epel/nodejs tracking bugs for this issue:
Affects: epel-all [bug 2220697]

Created nodejs:16/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2220694]

Created nodejs:18/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 2220693]