The version of Node.js installed on the remote host is prior to 18.20.2, 20.12.2, 21.7.3. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday, April 10, 2024 Security Releases advisory.
- Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Note that Nessus has not tested for these issues but has instead relied only on the applicationโs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(193580);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/14");
script_cve_id("CVE-2024-27980");
script_name(english:"Node.js 18.x < 18.20.2 / 20.x < 20.12.2 / 21.x < 21.7.3 Multiple Vulnerabilities (Wednesday, April 10, 2024 Security Releases).");
script_set_attribute(attribute:"synopsis", value:
"Node.js - JavaScript run-time environment is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Node.js installed on the remote host is prior to 18.20.2, 20.12.2, 21.7.3. It is, therefore, affected by
multiple vulnerabilities as referenced in the Wednesday, April 10, 2024 Security Releases advisory.
- Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious
command line argument can inject arbitrary commands and achieve code execution even if the shell option is not
enabled.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f839ef4");
script_set_attribute(attribute:"solution", value:
"Upgrade to Node.js version 18.20.2 / 20.12.2 / 21.7.3 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-27980");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/09");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nodejs:node.js");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nodejs_win_installed.nbin");
script_require_keys("installed_sw/Node.js", "SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Node.js', win_local:true);
vcf::check_granularity(app_info:app_info, sig_segments:3);
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '18.0.0', 'fixed_version' : '18.20.2' },
{ 'min_version' : '20.0.0', 'fixed_version' : '20.12.2' },
{ 'min_version' : '21.0.0', 'fixed_version' : '21.7.3' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);