Bugzilla – Bug 1214152
VUL-0: CVE-2023-32004: nodejs: Permission model bypass by specifying a path traversal sequence in a Buffer
Last modified: 2023-10-27 10:10:59 UTC
CVE-2023-32004 A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. This vulnerability affects all users using the experimental permission model in Node.js 20. Security Advisory: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permission-model-bypass-by-specifying-a-path-traversal-sequence-in-a-buffer-highcve-2023-32004 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2230951
Just as CVE-2023-32003 / bsc#1214151, this should only affect openSUSE:Factory/nodejs20.
This is an autogenerated message for OBS integration: This bug (1214152) was mentioned in https://build.opensuse.org/request/show/1103349 Factory / nodejs20
Done, closing.