CVE-2024-22020

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-22020

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22020.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-22020

Aliases

Downstream

ALPINE-CVE-2024-22020

BELL-CVE-2024-22020

DEBIAN-CVE-2024-22020

DSA-5991-1

ECHO-b543-b469-0d25

OESA-2025-1199

OESA-2025-1200

RHSA-2024:5814

RHSA-2024:5815

RHSA-2024:6147

RHSA-2024:6148

RLSA-2024:5815

RLSA-2024:6147

SUSE-SU-2024:2496-1

SUSE-SU-2024:2542-1

SUSE-SU-2024:2543-1

SUSE-SU-2024:2574-1

UBUNTU-CVE-2024-22020

openSUSE-SU-2024:14214-1

openSUSE-SU-2024:14435-1

Related

Published

2024-07-09T02:15:09Z

Modified

2025-08-29T19:00:07Z

Summary

[none]

Details

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers.

References

Affected packages