CVE-2024-37372
Public on 2024-07-09
Modified on 2024-07-09
Description
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
This vulnerability affects Windows users of the Node.js Permission Model in version v22.x and v20.x
This vulnerability affects Windows users of the Node.js Permission Model in version v22.x and v20.x
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | nodejs | Not Affected | ||
| Amazon Linux 2023 | nodejs20 | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.2 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |