Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-22921  

Node.js before versions 16.4.1, 14.17.2 and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

Source
Severity Medium

Remote No

Type Privilege escalation

Description 

Node.js before versions 16.4.1, 14.17.2 and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

AVG-2130 nodejs 16.4.0-1 16.4.1-1 Medium Not affected 

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/#windows-installer-node-installer-local-privilege-escalation-medium-cve-2021-22921
https://hackerone.com/reports/1211160
https://github.com/nodejs/node/commit/c6b08f1d04bb3dd0db8e08e261293e4095934f47
https://github.com/nodejs/node/commit/d0b449da1dc405fbb1fa7a217f1934d6a52ba580
https://github.com/nodejs/node/commit/a52790cba097d20c246645827397ffc19fc2e7d9

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started