CVE-2024-21896

CWE-27CWE-22Path Traversal7 documents7 sources
Severity
9.8CRITICAL
EPSS
1.6%
top 18.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nodejs NodeNodejs Node.js
Timeline
PublishedFeb 20

Description

The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental per

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5nodejs/node4.04.*+16
NVDnodejs/node.js20.0.020.11.1+1

🔴Vulnerability Details

3
CVEList
CVE-2024-21896: The permission model protects itself against path traversal attacks by calling path2024-02-20
OSV
CVE-2024-21896: The permission model protects itself against path traversal attacks by calling path2024-02-20
GHSA
GHSA-3q5r-g7hx-jv3c: The permission model protects itself against path traversal attacks by calling path2024-02-20

📋Vendor Advisories

3
Red Hat
nodejs: path traversal by monkey-patching buffer internals2024-02-19
Microsoft
The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer the implementation uses Buffer.fr2024-02-13
Debian
CVE-2024-21896: nodejs - The permission model protects itself against path traversal attacks by calling p...2024
CVE-2024-21896 (CRITICAL CVSS 9.8) | The permission model protects itsel | cvebase.io