VDB
CVE-2024-37372
CVE-2024-37372
PUBLISHED
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
EPSS 0.07% · 20.8th percentile
Risk Scores
EPSS Score
0.07%
20.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 21.0.0, 21.0.0, 19.0.0 |
| Bitnami | node | 21.0.0, 19.0.0 |
| Bitnami | node-min | 21.0.0, 19.0.0 |
| Bitnami | node-min | 21.0.0, 19.0.0, 19.0.0 |
Exploit Intelligence
- Permission model improperly processes UNC paths (hackerone)
- Permission model improperly processes UNC paths (hackerone)
- Permission model improperly processes UNC paths (hackerone)
- GenerationConfig.java (github-poc)
- SelfAdaptationGenerationConfig.java (github-poc)
- GenerationConfig.java (github-poc)
- GenerationConfig.java (github-poc)
- GenerationConfig.java (github-poc)
- GenerationConfig.java (github-poc)
- GenerationConfig.java (github-poc)
…and 15 more exploits
Timeline
- CVE Published
- Jul 15, 2024 PoC Published
- Jan 9, 2025 EPSS Score
- Jan 25, 2025 EPSS Score
- Feb 9, 2025 EPSS Score
- Feb 25, 2025 EPSS Score
- Mar 5, 2025 Coalition ESS Score
- Mar 13, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Apr 13, 2025 EPSS Score
- Apr 29, 2025 EPSS Score
- May 15, 2025 EPSS Score