CVE-2024-37372

描述

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.

受影響套件(3)

• Alpine/nodejsfrom 0, < 0
• Bitnami/node>= 19.0.0, < 20.15.1, >= 21.0.0, < 22.4.1
• Bitnami/node-min>= 19.0.0, < 20.18.1, >= 21.0.0, < 22.12.0

CVSS 分數

參考連結(5)

• ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2024-37372
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-37372
• WEBhttps://security.netapp.com/advisory/ntap-20250502-0010/
• WEBhttp://www.openwall.com/lists/oss-security/2024/07/11/6
• WEBhttp://www.openwall.com/lists/oss-security/2024/07/19/3