CVE-2021-22921

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-22921
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22921.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22921
Aliases
Published
2021-07-12T11:15:08Z
Modified
2024-06-06T13:34:04.029691Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events

Affected versions

v16.*

v16.0.0
v16.1.0
v16.2.0
v16.3.0
v16.4.0