CVE-2021-22921 log

Source
Severity Medium
Remote No
Type Privilege escalation
Description
Node.js versions before 16.4.1, 14.17.2 and 12.22.2 are vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improperly configured permissions on the installation directory allow an attacker to perform two different escalation attacks: PATH hijacking and DLL hijacking.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2130 | nodejs | 16.4.0-1 | 16.4.1-1 | Medium | Not affected | |
References
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/#windows-installer-node-installer-local-privilege-escalation-medium-cve-2021-22921
https://hackerone.com/reports/1211160
https://github.com/nodejs/node/commit/c6b08f1d04bb3dd0db8e08e261293e4095934f47
https://github.com/nodejs/node/commit/d0b449da1dc405fbb1fa7a217f1934d6a52ba580
https://github.com/nodejs/node/commit/a52790cba097d20c246645827397ffc19fc2e7d9