| ID |
CVE-2024-36137
|
| Sažetak |
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file. |
| Reference |
|
| CVSS |
| Base: | 3.3 |
| Impact: | 1.4 |
| Exploitability: | 1.8 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| LOCAL |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| NONE |
LOW |
NONE |
|
| CVSS vektor |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| Zadnje važnije ažuriranje |
09-09-2024 - 13:03 |
| Objavljeno |
07-09-2024 - 16:15 |
