Home > Vulnerability Database > CVE-2023-30584

Mend.io Vulnerability Database

CVE-2023-30584

Date: September 7, 2024

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Language: JS

Severity Score

7.7

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30584

Url: https://security.netapp.com/advisory/ntap-20241108-0005/

Url: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#mainmoduleproto-bypass-experimental-policy-mechanism-high-cve-2023-30581

Url: https://github.com/nodejs/node/commit/205f1e643e25648173239b2de885fec430268492

Url: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases

Url: https://www.mend.io/vulnerability-database/CVE-2023-30584

Severity Score

7.7

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30584

Date: September 7, 2024

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?