Products
Node.js
- 20
Source
support@hackerone.com
Tags
CVE-2023-30583 details
Published : Sept. 7, 2024, 4:15 p.m.
Last Modified : Sept. 7, 2024, 4:15 p.m.
Last Modified : Sept. 7, 2024, 4:15 p.m.
Description
fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases | support@hackerone.com |
This website uses the NVD API, but is not approved or certified by it.