CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22020 – nodejs: Bypass network import restriction via data URL
https://notcve.org/view.php?id=CVE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers. Un fallo de seguridad en Node.js permite eludir las restricciones de importación de la red. Al incorporar importaciones fuera de la red en las URL de datos, un atacante puede ejecutar código arbitrario, comprometiendo la seguridad del sistema. Verificada en varias plataformas, la vulnerabilidad se mitiga al prohibir las URL de datos en las importaciones de red. La explotación de este fallo puede violar la seguridad de importación de la red, lo que representa un riesgo para los desarrolladores y servidores. • http://www.openwall.com/lists/oss-security/2024/07/11/6 http://www.openwall.com/lists/oss-security/2024/07/19/3 https://hackerone.com/reports/2092749 https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3566 – Command injection vulnerability in programing languages on Microsoft Windows operating system.
https://notcve.org/view.php?id=CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. • https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows https://kb.cert.org/vuls/id/123335 https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way https://www.cve.org/CVERecord?id=CVE-2024-1874 https://www.cve.org/CVERecord?id=CVE-2024-22423 https://www.cve.org/CVERecord?id=CVE-2024-24576 https://www.kb.cert.org/vuls/id/123335 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22025 – nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service
https://notcve.org/view.php?id=CVE-2024-22025
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration. Se ha identificado una vulnerabilidad en Node.js, que permite un ataque de denegación de servicio (DoS) por agotamiento de recursos cuando se utiliza la función fetch() para recuperar contenido de una URL que no es de confianza. La vulnerabilidad surge del hecho de que la función fetch() en Node.js siempre decodifica Brotli, lo que hace posible que un atacante provoque el agotamiento de los recursos al recuperar contenido de una URL que no es de confianza. Un atacante que controle la URL pasada a fetch() puede aprovechar esta vulnerabilidad para agotar la memoria, lo que podría provocar la terminación del proceso, según la configuración del sistema. A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. • https://hackerone.com/reports/2284065 https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html https://security.netapp.com/advisory/ntap-20240517-0008 https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22017 – nodejs: setuid() does not drop all privileges due to io_uring
https://notcve.org/view.php?id=CVE-2024-22017
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21. setuid() no afecta las operaciones io_uring internas de libuv si se inicializa antes de la llamada a setuid(). Esto permite que el proceso realice operaciones privilegiadas a pesar de haber perdido dichos privilegios mediante una llamada a setuid(). Esta vulnerabilidad afecta a todos los usuarios que utilizan una versión mayor o igual a Node.js 18.18.0, Node.js 20.4.0 y Node.js 21. A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). • http://www.openwall.com/lists/oss-security/2024/03/11/1 https://hackerone.com/reports/2170226 https://security.netapp.com/advisory/ntap-20240517-0007 https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21896 – nodejs: path traversal by monkey-patching buffer internals
https://notcve.org/view.php?id=CVE-2024-21896
The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. El modelo de permiso se protege contra ataques de path traversal llamando a path.resolve() en cualquier ruta proporcionada por el usuario. Si la ruta se va a tratar como un búfer, la implementación usa Buffer.from() para obtener un búfer a partir del resultado de path.resolve(). • http://www.openwall.com/lists/oss-security/2024/03/11/1 https://hackerone.com/reports/2218653 https://security.netapp.com/advisory/ntap-20240329-0002 https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-27: Path Traversal: 'dir/../../filename' •