PT-2024-1898 · Node.js +8

Tniessen · Published 2024-02-15 · Updated 2025-08-29 · CVE-2024-21892

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified)

Description: The issue is related to incorrect management of code generation in Node.js. A bug in the implementation of an exception for `CAP_NET_BIND_SERVICE` allows unprivileged users to inject code that inherits the process's elevated privileges. This can lead to code injection and privilege escalation on Linux systems.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Code Injection

Weakness Enumeration

Related Identifiers

ALSA-2024:1503
ALSA-2024:1510
ALSA-2024:1687
ALSA-2024:1688
ALT-PU-2024-3054
AZL-34460
AZL-35052
BDU:2024-01672
BIT-NODE-2024-21892
BIT-NODE-MIN-2024-21892
CESA-2024_1510
CESA-2024_1687
CVE-2024-21892
DSA-5991-1
ECHO-EFE4-3A95-5347
MGASA-2024-0046
OPENSUSE-SU-2024:13697-1
OPENSUSE-SU-2024:13698-1
RHSA-2024:1503
RHSA-2024:1510
RHSA-2024:1687
RHSA-2024:1688
RHSA-2024:1880
RHSA-2024:1932
RHSA-2024_1503
RHSA-2024_1510
RHSA-2024_1687
RHSA-2024_1688
RLSA-2024:1503
RLSA-2024:1510
RLSA-2024:1687
RLSA-2024:1688
SUSE-SU-2024:0643-1
SUSE-SU-2024:0644-1
SUSE-SU-2024:0730-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Node.js
Red Hat
RED OS
Rocky Linux
SUSE