Описание
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
A flaw was found in Node.js. The Permission Model assumes that any UNC path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
Отчет
This vulnerability affects Windows users of the Node.js Permission Model in version v22.x and v20.x. No Red Hat products are affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | nodejs22 | Not affected | ||
| Red Hat Enterprise Linux 8 | nodejs:18/nodejs | Not affected | ||
| Red Hat Enterprise Linux 8 | nodejs:20/nodejs | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
3.6 Low
CVSS3
Связанные уязвимости
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
The Permission Model assumes that any path starting with two backslash ...
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
Уязвимость компонента Permission Model программной платформы Node.js, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
3.6 Low
CVSS3