BIT-node-min-2023-30584

BIT-node-min-2023-30584 PUBLISHED CVSS 7.699999809265137 HIGH

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Risk Scores

CVSS v3.1

7.699999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Bitnami	node-min	20.0.0, 20.0.0, 20.0.0

Timeline

Dec 16, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://nodejs.org/en/blog/vulnerability/june-2023-security-releases url
https://security.netapp.com/advisory/ntap-20241108-0005/ url
https://nvd.nist.gov/vuln/detail/CVE-2023-30584 url

Open in Interactive Console →