Wind River Support Network

HomeDefectsLIN1022-5645
Fixed

LIN1022-5645 : Security Advisory - nodejs - CVE-2023-39331

Created: Oct 15, 2023    Updated: Jan 26, 2026
Resolved Date: Oct 13, 2025
Found In Version: 10.22.33.1
Fix Version: 10.22.33.13
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.

Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

https://nvd.nist.gov/vuln/detail/CVE-2023-39331
  • Linkedin
  • Facebook
  • Twitter
  • Youtube