CVE-2021-22921 Vulnerability Details

  /     /     /  

CVE-2021-22921 Metadata Quick Info

CVE Published: 12/07/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: hackerone | Vendor: n/a | Product: https://github.com/nodejs/node
Status : PUBLISHED

---

CVE-2021-22921 Description

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-732
CWE Name: Incorrect Permission Assignment for Critical Resource (CWE-732)
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).