A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.

Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Related CVEs

CVE-2023-39331

Key Information

GHSA ID

GHSA-7xrv-q25v-f95m

Published

October 18, 2023 6:30 AM

Last Modified

June 18, 2024 3:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 7, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.