Path Traversal Vulnerability in Open-Source Software Affecting Various Applications
CVE-2024-37372
Currently unrated
What is CVE-2024-37372?
This vulnerability arises from a flaw in the permission model of certain open-source applications, which incorrectly assumes that paths beginning with two backslashes '\\' have an ignorable four-character prefix. This oversight can lead to unintended access and exploitation in edge cases, potentially allowing attackers to bypass security measures and access sensitive data. Software developers are advised to review their path handling logic to mitigate the risks associated with this vulnerability.
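For reviewing path handling logic, the sketch below sets the assumption described above beside a stricter treatment of Windows path prefixes. It is an added example, not code from Node.js or from this advisory. The function names and sample paths are constructed, and the stricter version is one reasonable handling assumed here, not the actual fix.

```javascript
// Added illustration; function names are hypothetical, not Node.js internals.

// Flawed assumption from the description: any path that starts with two
// backslashes carries a four-character prefix that can be dropped.
function stripPrefixFlawed(p) {
  return p.startsWith('\\\\') ? p.slice(4) : p;
}

// Stricter handling (assumed): only \\?\ followed by a drive letter is a
// removable four-character prefix; \\?\UNC\ maps back to a UNC path; every
// other path, including plain UNC (\\server\share\...), is left untouched.
function stripPrefixStrict(p) {
  if (p.startsWith('\\\\?\\UNC\\')) return '\\\\' + p.slice(8);
  if (/^\\\\\?\\[A-Za-z]:\\/.test(p)) return p.slice(4);
  return p;
}

// Run both functions over a list of paths and keep the cases where the
// flawed one hands a different string to whatever permission check follows.
function findDivergences(paths) {
  return paths
    .map((p) => ({ input: p, flawed: stripPrefixFlawed(p), strict: stripPrefixStrict(p) }))
    .filter((r) => r.flawed !== r.strict);
}

// Constructed sample inputs.
const SAMPLES = [
  'C:\\data\\report.txt',
  '\\\\?\\C:\\data\\report.txt',
  '\\\\.\\pipe\\example',
  '\\\\fileserver\\share\\report.txt',
  '\\\\?\\UNC\\fileserver\\share\\report.txt',
];

for (const r of findDivergences(SAMPLES)) {
  console.log(`${r.input}\n  flawed: ${r.flawed}\n  strict: ${r.strict}`);
}
```

Any path reported by `findDivergences` is one where the string that gets checked no longer names the resource that gets opened, which makes the function usable as a regression test over a project's own path fixtures.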
Affected Version(s)
node 20.15.0
node 22.4.0