Node.js Permission Model UNC Path Processing Vulnerability

Vulnerability

A vulnerability exists in the Node.js Permission Model on Windows, in versions from 20.0.0 prior to 20.15.0 and from 22.0.0 prior to 22.4.0. The Permission Model incorrectly assumes that any path beginning with two backslashes has a four-character prefix that can be disregarded, which is not always the case. Paths that begin with two backslashes but lack such a prefix are the edge cases this assumption mishandles.
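
The prefix assumption described above, shown as an added JavaScript illustration (not Node.js source code; the function names and sample paths are constructed for this example). The first function applies the four-character assumption to every path that starts with two backslashes; the second strips a prefix only when one of the literal Windows prefixes `\\?\` or `\\.\` is actually present.

```javascript
'use strict';
// Added illustration, not Node.js source. Names and sample paths are constructed.

// The assumption described above: a path starting with two backslashes
// always has a four-character prefix that can be dropped.
function stripPrefixNaive(p) {
  return p.startsWith('\\\\') ? p.slice(4) : p;
}

// Prefix-aware handling: only the literal prefixes \\?\ and \\.\ are four
// characters long. A plain UNC path (\\server\share\...) has no such prefix.
function classifyWindowsPath(p) {
  if (/^\\\\\?\\UNC\\/i.test(p)) {
    // \\?\UNC\server\share\... is the extended form of \\server\share\...
    return { kind: 'unc', path: '\\\\' + p.slice(8) };
  }
  if (p.startsWith('\\\\?\\')) return { kind: 'extended', path: p.slice(4) };
  if (p.startsWith('\\\\.\\')) return { kind: 'device', path: p.slice(4) };
  if (p.startsWith('\\\\')) return { kind: 'unc', path: p };
  return { kind: 'plain', path: p };
}

// Constructed sample paths (hypothetical server, share and file names).
const samples = [
  '\\\\?\\C:\\data\\report.txt',
  '\\\\?\\UNC\\fileserver\\share\\report.txt',
  '\\\\fileserver\\share\\report.txt',
  'C:\\data\\report.txt',
];

// Return, per path, what each approach would hand to a permission check.
function compare(paths) {
  return paths.map((p) => {
    const naive = stripPrefixNaive(p);
    const { kind, path } = classifyWindowsPath(p);
    return { input: p, kind, naive, strict: path, agrees: naive === path };
  });
}

for (const row of compare(samples)) console.log(row);
```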

Impact

Exploitation of this vulnerability could result in unauthorized access to files or data, allowing for potential disclosure of sensitive information or unauthorized modification of data.

Remediation

Users can upgrade to Node.js versions 20.15.1 or 22.4.1 to address this vulnerability. NetApp products incorporating Node.js should also be updated.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 3.1
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.