VDB

ALPINE-CVE-2024-36137

ALPINE-CVE-2024-36137 PUBLISHED CVSS 3.299999952316284 LOW

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.

Risk Scores

CVSS 3.0
3.299999952316284
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Alpine:v3.21nodejs0, 0, 0
Alpine:v3.23nodejs0, 0, 0
Alpine:v3.19nodejs12.18.3-r0, 12.19.0-r0, 14.15.1-r0
Alpine:v3.20nodejs8.11.1-r2, 8.11.2-r0, 8.11.3-r0
Alpine:v3.22nodejs0, 0, 0

Exploit Intelligence

Timeline

  • Sep 7, 2024 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›