/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-36137

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-36137

CGA ID

CGA-5498-h945-wfrg

Description

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.

Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.

References

  • https://images.chainguard.dev/security/CGA-5498-h945-wfrg
  • https://github.com/advisories/GHSA-q793-mj5v-wh68
  • https://nodejs.org/en/blog/vulnerability/july-2024-security-releases
  • https://security.alpinelinux.org/vuln/CVE-2024-36137
  • https://security-tracker.debian.org/tracker/CVE-2024-36137

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation