CVE-2024-22017 in Node.jsinformazioni

Riassunto

di MITRE • 19/03/2024

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Fonti

Want to stay up to date on a daily basis?

Enable the mail alert feature now!