{"id":"CVE-2024-36137","details":"A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used.\r\n\r\nThe Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.","aliases":["BIT-node-2024-36137","BIT-node-min-2024-36137"],"modified":"2026-04-10T05:13:24.152878Z","published":"2024-09-07T16:15:02Z","related":["ALSA-2024:5814","ALSA-2024:5815","MGASA-2024-0282","SUSE-SU-2024:2543-1","SUSE-SU-2024:2574-1","openSUSE-SU-2024:14214-1","openSUSE-SU-2024:14435-1","openSUSE-SU-2025:15802-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241122-0005/"},{"type":"ARTICLE","url":"https://nodejs.org/en/blog/vulnerability/july-2024-security-releases"}],"schema_version":"1.7.5"}