Home > Vulnerability Database > CVE-2024-37372

Mend.io Vulnerability Database

CVE-2024-37372

Date: January 8, 2025

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. This vulnerability affects Windows users of the Node.js Permission Model in version v22.x and v20.x

Language: C++

Severity Score

5.6

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37372

Url: https://github.com/nodejs/node/commit/d39e993903e27bb5761dd98b0a93964dcaabac65

Url: http://www.openwall.com/lists/oss-security/2024/07/11/6

Url: https://security.netapp.com/advisory/ntap-20250502-0010/

Url: http://www.openwall.com/lists/oss-security/2024/07/19/3

Url: https://www.mend.io/vulnerability-database/CVE-2024-37372

Severity Score

5.6

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37372

Date: January 8, 2025

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?