BIT-node-2021-22921

BIT-node-2021-22921 PUBLISHED CVSS 7.800000190734863 HIGH

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Bitnami	node	12.0.0, 14.0.0, 16.0.0

Exploit Intelligence

https://hackerone.com/reports/1211160 (osv)

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf url
https://hackerone.com/reports/1211160 url
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/ url
https://security.netapp.com/advisory/ntap-20210805-0003/ url
https://nvd.nist.gov/vuln/detail/CVE-2021-22921 url

Open in Interactive Console →