How severe is CVE-2024-22018?

This vulnerability has a severity rating of LOW with a CVSS score of 2.9 out of 10.

What type of vulnerability is CVE-2024-22018?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2024-22018 - LOW Severity | CVSS 2.9

Vulnerability Description

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Related Vulnerabilities

CVE-2016-3485

LOW

CVSS:2.9(Low)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.

NVD-CWE-Other2016

CVE-2019-4366

LOW

CVSS:2.9(Low)

IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748.

NVD-CWE-Other2019

CVE-2020-5017

LOW

CVSS:2.9(Low)

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.

NVD-CWE-Other2020

CVE-2022-21311

LOW

CVSS:2.9(Low)

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and p...

NVD-CWE-Other2022

CVE-2022-21312

LOW

CVSS:2.9(Low)

NVD-CWE-Other2022

CVE-2022-21313

LOW

CVSS:2.9(Low)

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerabi...

NVD-CWE-Other2022