CVE-2024-22017 in Node.jsinformation

Résumé

par MITRE • 19/03/2024

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Réserver

04/01/2024

Divulgation

19/03/2024

Modérer

accepté

Entrée

VDB-254688

CPE

prêt

EPSS

0.00893

KEV

non

Activités

très faible

Sources

Do you need the next level of professionalism?

Upgrade your account now!