Unrated severity · NVD Advisory · Published Oct 18, 2023 · Updated Nov 3, 2025
CVE-2023-39331
Description
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Affected products
33 package coordinates (OSV), none with a CPE:
- pkg:apk/chainguard/nodejs-16 range: < 0
- pkg:apk/chainguard/nodejs-16-doc range: < 0
- pkg:apk/chainguard/nodejs-18 range: < 0
- pkg:apk/chainguard/nodejs-18-doc range: < 0
- pkg:apk/chainguard/nodejs-19 range: < 0
- pkg:apk/chainguard/nodejs-20 range: < 20.8.0-r0
- pkg:apk/chainguard/nodejs-20-doc range: < 20.8.0-r0
- pkg:apk/wolfi/nodejs-16 range: < 0
- pkg:apk/wolfi/nodejs-16-doc range: < 0
- pkg:apk/wolfi/nodejs-18 range: < 0
- pkg:apk/wolfi/nodejs-18-doc range: < 0
- pkg:apk/wolfi/nodejs-19 range: < 0
- pkg:apk/wolfi/nodejs-20 range: < 20.8.0-r0
- pkg:apk/wolfi/nodejs-20-doc range: < 20.8.0-r0
- pkg:bitnami/node range: >= 20.0.0, < 20.8.1
- pkg:bitnami/node-min range: >= 20.0.0, < 20.8.1
- pkg:deb/ubuntu/nodejs@0.10.25~dfsg2-2ubuntu1.2+esm2?arch=source&distro=esm-infra-legacy/trusty range: >= 0
- pkg:deb/ubuntu/nodejs@10.19.0~dfsg-3ubuntu1.6?arch=source&distro=focal range: >= 0
- pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6?arch=source&distro=jammy range: >= 0
- pkg:deb/ubuntu/nodejs@18.19.1+dfsg-6ubuntu5?arch=source&distro=noble range: >= 0
- pkg:deb/ubuntu/nodejs@20.16.0+dfsg-1ubuntu1?arch=source&distro=oracular range: >= 0
- pkg:deb/ubuntu/nodejs@20.18.1+dfsg-1ubuntu2?arch=source&distro=plucky range: >= 0
- pkg:deb/ubuntu/nodejs@4.2.6~dfsg-1ubuntu4.2+esm3?arch=source&distro=esm-apps/xenial range: >= 0
- pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2ubuntu0.4+esm6?arch=source&distro=esm-apps/bionic range: >= 0
- pkg:rpm/almalinux/nodejs range: < 1:20.8.1-1.module_el8.9.0+3675+0258a6d9
- pkg:rpm/almalinux/nodejs-devel range: < 1:20.8.1-1.module_el8.9.0+3675+0258a6d9
- pkg:rpm/almalinux/nodejs-docs range: < 1:20.8.1-1.module_el8.9.0+3675+0258a6d9
- pkg:rpm/almalinux/nodejs-full-i18n range: < 1:20.8.1-1.module_el8.9.0+3675+0258a6d9
- pkg:rpm/almalinux/nodejs-nodemon range: < 3.0.1-1.module_el8.9.0+3675+0258a6d9
- pkg:rpm/almalinux/nodejs-packaging range: < 2021.06-4.module_el8.9.0+3684+11b9e959
- pkg:rpm/almalinux/nodejs-packaging-bundler range: < 2021.06-4.module_el8.9.0+3684+11b9e959
- pkg:rpm/almalinux/npm range: < 1:10.1.0-1.20.8.1.1.module_el8.9.0+3675+0258a6d9
- pkg:rpm/opensuse/nodejs20&distro=openSUSE%20Tumbleweed range: < 20.8.1-1.1