Total vulnerabilities in the database
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
| Software | From | Fixed in |
|---|---|---|
| nodejs / node.js | 20.0.0 | 20.8.1 |