CVE-2023-32004 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-32004 PUBLISHED

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

EPSS 0.14% · 34.5th percentile

Risk Scores

EPSS Score

0.14%

34.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	node	20.0.0
Bitnami	node	20.0.0, 20.0.0, 20.0.0
Bitnami	node-min	20.0.0, 20.0.0, 20.0.0
Bitnami	node-min	20.0.0

Timeline

CVE Published
Aug 11, 2023 PoC Published
Aug 16, 2023 EPSS Score
Sep 18, 2023 EPSS Score
Oct 7, 2023 PoC Published
Oct 21, 2023 EPSS Score
Dec 25, 2023 EPSS Score
Jan 27, 2024 EPSS Score
Feb 29, 2024 EPSS Score
Apr 2, 2024 EPSS Score
May 4, 2024 EPSS Score
Jun 6, 2024 EPSS Score

References

Open in Interactive Console →