← Back to CVEs
CVE-2021-22921
HIGH7.8
Description
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published7/12/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
microsoft:windowsnodejs:node.jssiemens:sinec_infrastructure_network_services
Weaknesses (CWE)
CWE-732CWE-732
References
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf(support@hackerone.com)
https://hackerone.com/reports/1211160(support@hackerone.com)
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/(support@hackerone.com)
https://security.netapp.com/advisory/ntap-20210805-0003/(support@hackerone.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1211160(af854a3a-2127-422b-91ae-364da2661108)
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210805-0003/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.