6 matches found
CVE-2024-3566
Technical details about CVE-2024-3566 are not provided in the connected documents. The initial description notes a command injection risk, but no affected products, versions, impact, or fixes are specified here. Monitor for updated technical disclosures.
CVE-2024-21890
CVE-2024-21890 affects Node.js where the experimental Permission Model mishandles wildcards in --allow-fs-read/--allow-fs-write, allowing access beyond the intended path due to improper path traversal sanitization. Affected are Node.js 20/21 with the experimental permission model; mitigation is t...
CVE-2024-22019
CVE-2024-22019 affects Node.js HTTP servers. The vulnerability arises from reading an unbounded number of bytes from a single connection due to unbounded chunk extension bytes in chunked encoding, enabling resource exhaustion and DoS. Impact: CPU and network bandwidth exhaustion, bypassing timeou...
CVE-2024-21892
CVE-2024-21892 affects Node.js on Linux, where a buggy exemption causes environment-variable handling to be mishandled when the process runs with elevated privileges; unprivileged users could inject code that inherits the process’s privileges. Connected advisories note Node.js updates/fixes in multiple dist...
CVE-2024-21891
CVE-2024-21891 affects Node.js 20/21 when using the experimental permission model. The issue arises from overwriting built-in path normalization used by node:fs, enabling a filesystem permission model bypass via path traversal. Impact is high (confidentiality/integrity/availability could be affec...
CVE-2024-21896
CVE-2024-21896 affects Node.js when using the experimental permission model (Node.js v20/v21). The vulnerability arises from monkey-patching Buffer internals (Buffer.prototype.utf8Write) to modify the result of path.resolve() for user-provided paths, enabling path traversal. Impact is described a...