CVE-2024-22017 in Node.jsinformação

Sumário

de MITRE • 19/03/2024

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Fontes

Interested in the pricing of exploits?

See the underground prices here!