CVE-2021-22921 - log

CVE-2021-22921 edited at 02 Jul 2021 09:02:27
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ Node.js before versions 16.4.1, 14.17.2 and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
References
+ https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/#windows-installer-node-installer-local-privilege-escalation-medium-cve-2021-22921
+ https://hackerone.com/reports/1211160
+ https://github.com/nodejs/node/commit/c6b08f1d04bb3dd0db8e08e261293e4095934f47
+ https://github.com/nodejs/node/commit/d0b449da1dc405fbb1fa7a217f1934d6a52ba580
+ https://github.com/nodejs/node/commit/a52790cba097d20c246645827397ffc19fc2e7d9
Notes
CVE-2021-22921 created at 02 Jul 2021 09:00:30