The host is installed with Node.js 20.0.x before 20.5.1 and is prone to a privilege escalation vulnerability. A flaw is present in the application which fails to properly handle issues in the experimental permission model when the --allow-fs-read flag is used with a non-* argument. Successful exploitation allows attackers to retrieve stats from files that they do not have explicit read access to.