In Node.js versions 20 and 21, a low-severity vulnerability, CVE-2024-22018, was detected in the experimental permission model. The vulnerability allows unauthorized access to file information through the fs.lstat API, even without proper permissions. At the time this CVE was issued, the permission model was an experimental feature of Node.js. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-22018.
Node.js: Experimental Permission Model Vulnerability Allows Unauthorized File Stats Retrieval
by the Hossted team
15.07.2024