Node.js before versions 16.4.1, 14.17.2 and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/#windows-installer-node-installer-local-privilege-escalation-medium-cve-2021-22921
https://hackerone.com/reports/1211160
https://github.com/nodejs/node/commit/c6b08f1d04bb3dd0db8e08e261293e4095934f47
https://github.com/nodejs/node/commit/d0b449da1dc405fbb1fa7a217f1934d6a52ba580
https://github.com/nodejs/node/commit/a52790cba097d20c246645827397ffc19fc2e7d9