Home > Vulnerability Database > CVE-2024-37372

Mend.io Vulnerability Database

CVE-2024-37372

Good to know:

Date: June 7, 2024

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. This vulnerability affects Windows users of the Node.js Permission Model in version v22.x and v20.x

Language: C++

Severity Score

5.6

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37372

Url: https://github.com/nodejs/node/commit/d39e993903e27bb5761dd98b0a93964dcaabac65

Url: https://www.mend.io/vulnerability-database/CVE-2024-37372

Severity Score

5.6

Top Fix

Upgrade Version

Upgrade to version v20.15.1,v22.4.1

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37372

Good to know:

Date: June 7, 2024

Language: C++

Severity Score

Related Resources (3)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?