VDB
ANCHORE-2024-37372
ANCHORE-2024-37372
PUBLISHED
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nodejs | node | 21, 19, 19 |
Timeline
- Jan 9, 2025 CVE Published