Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Node.js 安全漏洞
Vulnerability Description
Node.js是一个开源、跨平台的 JavaScript 运行时环境。 Node.js 22.x和20.x版本存在安全漏洞,该漏洞源于文件描述符被标记为read-only的情况下,某些文件系统操作仍然能够改变文件的所有者和权限,从而会被恶意用户利用来提升权限、篡改数据或执行其他未授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A