CVSS3: 7.9 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score: 7.9 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 15.8%)
Node.js reports:
Code injection and privilege escalation through Linux capabilities - (High)
http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)
Path traversal by monkey-patching Buffer internals - (High)
setuid() does not drop all privileges due to io_uring - (High)
Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium)
Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | node | = 21.0.0 | UNKNOWN |
FreeBSD | any | noarch | node | < 21.6.2 | UNKNOWN |
FreeBSD | any | noarch | node16 | = 16.0.0 | UNKNOWN |
FreeBSD | any | noarch | node16 | < 16.20.3 | UNKNOWN |
FreeBSD | any | noarch | node18 | = 18.0.0 | UNKNOWN |
FreeBSD | any | noarch | node18 | < 18.19.1 | UNKNOWN |
FreeBSD | any | noarch | node20 | = 20.0.0 | UNKNOWN |
FreeBSD | any | noarch | node20 | < 20.11.1 | UNKNOWN |
FreeBSD | any | noarch | node21 | = 21.0.0 | UNKNOWN |
FreeBSD | any | noarch | node21 | < 21.6.2 | UNKNOWN |