CentOS Linux: CVE-2023-39331: Important: nodejs:20 security update (CESA-2023:7205)

CentOS Linux: CVE-2023-39331: Important: nodejs:20 security update (CESA-2023:7205)

Severity

8

CVSS

(AV:N/AC:L/Au:N/C:N/I:C/A:N)

Published

10/18/2023

Created

11/16/2023

Added

11/15/2023

Modified

01/28/2025

Description

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Solution(s)

• centos-upgrade-nodejs
• centos-upgrade-nodejs-debuginfo
• centos-upgrade-nodejs-debugsource
• centos-upgrade-nodejs-devel
• centos-upgrade-nodejs-docs
• centos-upgrade-nodejs-full-i18n
• centos-upgrade-nodejs-nodemon
• centos-upgrade-nodejs-packaging
• centos-upgrade-nodejs-packaging-bundler
• centos-upgrade-npm

References

• CVE-2023-39331