BIT-node-2023-32004 — Vulnetix

Try Vulnetix Request Demo

BIT-node-2023-32004 PUBLISHED CVSS 8.800000190734863 HIGH

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Bitnami	node	20.0.0, 20.0.0, 20.0.0

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

Open in Interactive Console →