VDB

ANCHORE-2024-37372

ANCHORE-2024-37372 PUBLISHED

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.

Affected Products

VendorProductVersions
nodejsnode21, 19, 19

Timeline

  • Jan 9, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›