Lucene search
HackeroneCVELIST:CVE-2021-22921HistoryJul 12, 2021 - 10:22 a.m.
CVE-2021-22921
2021-07-1210:22:24
CWE-732
hackerone
www.cve.org
2
0.001 Low
EPSS
Percentile
31.6%
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
CNA Affected
[
{
"product": "https://github.com/nodejs/node",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 16.4.1, 14.17.2, and 12.22.2"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2021-07-12 11:15:00
cve
cve
CVE-2021-22921
2021-07-12 11:15:08
debiancve
debiancve
CVE-2021-22921
2021-07-12 11:15:08
osv
osv
CVE-2021-22921
2021-07-12 11:15:08
BIT-node-2021-22921
2024-03-06 11:06:44
ubuntucve
ubuntucve
CVE-2021-22921
2021-07-12 00:00:00
nvd
nvd
CVE-2021-22921
2021-07-12 11:15:08
openvas
openvas
ibm
ibm
hackerone
hackerone
Node.js: Node Installer Local Privilege Escalation
2021-05-28 00:40:40
nodejsblog
nodejsblog
July 2021 Security Releases
2021-07-01 00:00:00
nessus
nessus
freebsd
freebsd
Node.js -- July 2021 Security Releases
2021-07-01 00:00:00
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00