A vulnerability has been identified in Node.js, affecting...
Low severity
Unreviewed
Published
Sep 7, 2024
to the GitHub Advisory Database
•
Updated Nov 22, 2024
Description
Published by the National Vulnerability Database
Sep 7, 2024
Published to the GitHub Advisory Database
Sep 7, 2024
Last updated
Nov 22, 2024
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
References