Local Privilege Escalation Vulnerability in Node.js on Windows Platforms

Local Privilege Escalation Vulnerability in Node.js on Windows Platforms

CVE-2021-22921 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.

Learn more about our Web Application Penetration Testing UK.