CVE-2021-22921

HIGH7.8EPSS 0.53%

發布日:2024/3/6修改日:2025/4/3

描述

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

受影響套件(2)

Bitnami/node>= 12.0.0, < 12.22.2, >= 14.0.0, < 14.17.2, >= 16.0.0, < 16.4.1
Bitnami/node-min>= 12.0.0, < 12.22.2, >= 14.0.0, < 14.17.2, >= 16.0.0, < 16.4.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(5)

WEBhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
WEBhttps://hackerone.com/reports/1211160
WEBhttps://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-22921
WEBhttps://security.netapp.com/advisory/ntap-20210805-0003/