BIT-node-2024-22020

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2024-22020.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-node-2024-22020
Aliases
Published
2024-07-11T07:28:44.706Z
Modified
2024-11-27T19:40:48.342Z
Summary
[none]
Details

A security flaw in Node.js allows a bypass of network import restrictions.By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.Exploiting this flaw can violate network import security, posing a risk to developers and servers.

Database specific
{
    "cpes": [
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / node

Package

Name
node
Purl
pkg:bitnami/node

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
19.0.0
Fixed
20.15.1
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.20.4
Introduced
21.0.0
Fixed
22.4.1