A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions.

Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Related CVEs

CVE-2023-30584

Key Information

GHSA ID

GHSA-jpgc-8hrm-hvwj

Published

September 7, 2024 6:30 PM

Last Modified

September 9, 2024 9:31 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 28, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.