Bug 2265717 (CVE-2024-21896)
| Summary: | CVE-2024-21896 nodejs: path traversal by monkey-patching buffer internals | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Robb Gatica <rgatica> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | nodejs 20.11.1 | Doc Type: | --- |
| Doc Text: |
A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2265718 | ||
| Bug Blocks: | 2264565 | ||
|
Description
Robb Gatica
2024-02-23 19:16:43 UTC
Created nodejs20 tracking bugs for this issue: Affects: fedora-all [bug 2265718] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1688 https://access.redhat.com/errata/RHSA-2024:1688 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1687 https://access.redhat.com/errata/RHSA-2024:1687 |