Lucene search
FreeBSD46A9EB0F-D7D2-11EE-BB12-001B217B3468HistoryFeb 20, 2024 - 12:00 a.m.
null -- null
2024-02-2000:00:00
vuxml.freebsd.org
10
node.js
linux
unprivileged users
environment variables
elevated privileges
bug
security
[email protected] reports:
On Linux, Node.js ignores certain environment variables if those
may have been set by an unprivileged user while the process is
running with elevated privileges with the only exception of
CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this
exception, Node.js incorrectly applies this exception even when
certain other capabilities have been set. This allows unprivileged
users to inject code that inherits the processโs elevated
privileges.
References
Related
redhatcve
redhatcve
CVE-2024-21892
2024-02-16 18:20:49
prion
prion
Code injection
2024-02-20 02:15:00
alpinelinux
alpinelinux
CVE-2024-21892
2024-02-20 02:15:50
hackerone
hackerone
Node.js: Code injection and privilege escalation through Linux capabilities
2023-11-03 03:41:28
nessus
nessus
CBL Mariner 2.0 Security Update: nodejs18 / nodejs (CVE-2024-21892)
2024-07-03 00:00:00
RHEL 9 : nodejs:18 (RHSA-2024:1503)
2024-03-25 00:00:00
osv
osv
BIT-node-2024-21892
2024-05-24 07:27:13
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
cve
cve
CVE-2024-21892
2024-02-20 02:15:50
debiancve
debiancve
CVE-2024-21892
2024-02-20 02:15:50
cbl_mariner
cbl_mariner
CVE-2024-21892 affecting package nodejs18 for versions less than 18.20.2-1
2024-05-06 17:48:02
CVE-2024-21892 affecting package nodejs for versions less than 20.14.0-1
2024-06-21 09:32:44
cvelist
cvelist
CVE-2024-21892
2024-02-20 01:31:08
veracode
veracode
Privilege Escalation
2024-02-21 03:05:12
nvd
nvd
CVE-2024-21892
2024-02-20 02:15:50
ubuntucve
ubuntucve
CVE-2024-21892
2024-02-20 00:00:00
almalinux
almalinux
Important: nodejs:18 security update
2024-03-25 00:00:00
Important: nodejs:18 security update
2024-03-26 00:00:00
Important: nodejs:20 security update
2024-04-08 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2024:1880) Important: nodejs:18 security update
2024-04-18 00:58:51
(RHSA-2024:1510) Important: nodejs:18 security update
2024-03-26 09:07:37
(RHSA-2024:1503) Important: nodejs:18 security update
2024-03-25 19:54:22
oraclelinux
oraclelinux
nodejs:18 security update
2024-03-26 00:00:00
nodejs:18 security update
2024-03-26 00:00:00
nodejs:20 security update
2024-04-08 00:00:00
f5
f5
rocky
rocky
nodejs:18 security update
2024-03-27 04:34:32
nodejs:18 security update
2024-03-27 04:35:34
nodejs:20 security update
2024-05-06 13:05:29
mageia
mageia
Updated nodejs yarnpkg packages fix security vulnerabilities
2024-02-23 01:20:27
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0046)
2024-02-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0730-1)
2024-03-01 00:00:00
Node.js 18.x < 18.19.1 Multiple Vulnerabilities - Mac OS X
2024-02-16 00:00:00
freebsd
freebsd
NodeJS -- Vulnerabilities
2024-02-14 00:00:00
nodejsblog
nodejsblog
Wednesday February 14 2024 Security Releases
2024-02-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0586
2024-03-29 00:00:00
kaspersky
kaspersky
KLA65636 Multiple vulnerabilities in Oracle Java SE and GraalVM
2024-04-16 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
7.4 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%
Related for 46A9EB0F-D7D2-11EE-BB12-001B217B3468