CVE-2024-21896

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21896
The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

7.9 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/11/1
https://hackerone.com/reports/2218653
https://security.netapp.com/advisory/ntap-20240329-0002/
Configurations

No configuration.

History

27 Aug 2024, 16:35

Type Values Removed Values Added
CWE CWE-27

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/03/11/1 -

29 Mar 2024, 13:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240329-0002/ -

20 Feb 2024, 19:50

Type Values Removed Values Added
Summary
  • (es) El modelo de permiso se protege contra ataques de path traversal llamando a path.resolve() en cualquier ruta proporcionada por el usuario. Si la ruta se va a tratar como un búfer, la implementación usa Buffer.from() para obtener un búfer a partir del resultado de path.resolve(). Al parchear los componentes internos del Buffer, es decir, Buffer.prototype.utf8Write, la aplicación puede modificar el resultado de path.resolve(), lo que conduce a una vulnerabilidad de path traversal. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20 y Node.js 21. Tenga en cuenta que en el momento en que se emitió este CVE, el modelo de permiso es una característica experimental de Node.js.

20 Feb 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-20 02:15

Updated : 2024-08-27 16:35

NVD link : CVE-2024-21896

Mitre link : CVE-2024-21896

CVE.ORG link : CVE-2024-21896

JSON object : View

Products Affected

No product.

CWE
CWE-27

Path Traversal: 'dir/../../filename'