CVE-2024-21896

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21896

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-21896.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-21896

Aliases

Related

Published

2024-02-20T02:15:50Z

Modified

2025-04-03T08:53:14.548799Z

Downstream

RHSA-2024:1688

RHSA-2024:1687

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

e7618fb5a5fc25d76b6474e2a6607f04fd6f10e0

Fixed

9b1bf44ea9e7785e38c93b7d22d32dbca262df6c

Affected versions

v20.*

v20.0.0

v20.1.0

v20.10.0

v20.11.0

v20.2.0

v20.3.0

v20.3.1

v20.4.0

v20.5.0

v20.5.1

v20.6.0

v20.6.1

v20.7.0

v20.8.0

v20.8.1

v20.9.0