Security Advisory

CVE-2023-30583

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-07 16:00:35

Last updated 2025-04-30 22:24:51

Assigner hackerone

State PUBLISHED

Description

fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

← Browse all CVEs View on cve.org ↗