CVE-2021-22921

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22921

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22921.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-22921

Aliases

Published

2021-07-12T11:15:08Z

Modified

2024-12-16T15:27:57.722341Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

7162e686b18d22b4385fa5c04274fb04dbd810c7

Fixed

4f0a4bf82e2100a5ababc2ab2032fa807dc338e9

Affected versions

v16.*

v16.0.0

v16.1.0

v16.2.0

v16.3.0

v16.4.0