fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob() API. References: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2220735] Affects: fedora-all [bug 2220733] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220732] Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2220734] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220731] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220730]
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2220741] Affects: fedora-all [bug 2220739] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220738] Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2220740] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220737] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2220736]