CVE-2024-36137 - Node.js FS Write Flag Experimental Permission Model Path Traversal Vulnerability

2 months ago 29
ARTICLE AD BOX
CVE ID : CVE-2024-36137
Published : Sept. 7, 2024, 4:15 p.m. | 24 minutes ago
Description : A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article