Описание
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | Only affects Windows |
| esm-apps/bionic | not-affected | Only affects Windows |
| esm-apps/focal | not-affected | Only affects Windows |
| esm-apps/jammy | not-affected | Only affects Windows |
| esm-apps/noble | not-affected | Only affects Windows |
| esm-apps/xenial | not-affected | Only affects Windows |
| esm-infra-legacy/trusty | not-affected | Only affects Windows |
| focal | not-affected | Only affects Windows |
| jammy | not-affected | Only affects Windows |
| mantic | ignored | end of life, was needs-triage |
Показывать по
EPSS
3.6 Low
CVSS3
Связанные уязвимости
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
The Permission Model assumes that any path starting with two backslash ...
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
Уязвимость компонента Permission Model программной платформы Node.js, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
3.6 Low
CVSS3