CVE-2024-22017 in Node.js
Sumário
de MITRE • 19/03/2024
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.