CVE-2021-22921 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Privilege escalation
Description	Node.js before versions 16.4.1, 14.17.2 and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2130	nodejs	16.4.0-1	16.4.1-1	Medium	Not affected

References
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/#windows-installer-node-installer-local-privilege-escalation-medium-cve-2021-22921 https://hackerone.com/reports/1211160 https://github.com/nodejs/node/commit/c6b08f1d04bb3dd0db8e08e261293e4095934f47 https://github.com/nodejs/node/commit/d0b449da1dc405fbb1fa7a217f1934d6a52ba580 https://github.com/nodejs/node/commit/a52790cba097d20c246645827397ffc19fc2e7d9

References

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/#windows-installer-node-installer-local-privilege-escalation-medium-cve-2021-22921
https://hackerone.com/reports/1211160
https://github.com/nodejs/node/commit/c6b08f1d04bb3dd0db8e08e261293e4095934f47
https://github.com/nodejs/node/commit/d0b449da1dc405fbb1fa7a217f1934d6a52ba580
https://github.com/nodejs/node/commit/a52790cba097d20c246645827397ffc19fc2e7d9