vulnerability

Amazon Linux 2023: CVE-2024-36137: Medium priority package update for nodejs20

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:L/AC:M/Au:S/C:P/I:P/A:N)	Jul 8, 2024	Feb 17, 2025	Jul 9, 2025

Severity

CVSS

(AV:L/AC:M/Au:S/C:P/I:P/A:N)

Published

Jul 8, 2024

Added

Feb 17, 2025

Modified

Jul 9, 2025

Description

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.
Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.

Solutions

amazon-linux-2023-upgrade-nodejs20amazon-linux-2023-upgrade-nodejs20-debuginfoamazon-linux-2023-upgrade-nodejs20-debugsourceamazon-linux-2023-upgrade-nodejs20-develamazon-linux-2023-upgrade-nodejs20-docsamazon-linux-2023-upgrade-nodejs20-full-i18namazon-linux-2023-upgrade-nodejs20-libsamazon-linux-2023-upgrade-nodejs20-libs-debuginfoamazon-linux-2023-upgrade-nodejs20-npmamazon-linux-2023-upgrade-v8-11-3-devel

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today