CVE-2021-22921 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-22921 PUBLISHED CVSS 8.5 HIGH

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

EPSS 0.53% · 66.9th percentile

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.53%

66.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	node	12.0.0, 16.0.0, 14.0.0
Bitnami	node-min	16.0.0, 16.0.0, 12.0.0
Bitnami	node-min	16.0.0, 14.0.0, 12.0.0
Bitnami	node	16.0.0, 14.0.0, 12.0.0

Timeline

CVE Published
Jul 1, 2021 PoC Published
Jul 13, 2021 EPSS Score
Jul 16, 2021 EPSS Score
Aug 6, 2021 EPSS Score
Nov 8, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 5, 2022 EPSS Score
Sep 1, 2022 EPSS Score

References

Open in Interactive Console →