CVE-2021-22921

High

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows…

hackerone·CWE-732·Published 2021-07-12

CVSS

7.8

EPSS

0.07

KEV

Exploits

cve.orgen

317 chars

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

NVDen

317 chars

NVDes

363 chars

Node.js versiones anteriores a 16.4.1, 14.17.2 y 12.22.2, es vulnerable a ataques de escalada de privilegios locales bajo determinadas condiciones en plataformas Windows. Más concretamente, una configuración inapropiada de los permisos en el directorio de instalación permite a un atacante llevar a cabo dos ataques de escalada diferentes: PATH y secuestro de DLL

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H