High severity · NVD Advisory · Published May 16, 2020 · Updated Aug 4, 2024
CVE-2020-13110
Description
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| kerberos (npm) | < 1.0.0 | 1.0.0 |
Affected products
- Node.js/kerberos package
References
- github.com/advisories/GHSA-m2mx-rfpw-jghv
- nvd.nist.gov/vuln/detail/CVE-2020-13110
- medium.com/@kiddo_Ha3ker/dll-injection-attack-in-kerberos-npm-package-cb4b32031cd
- www.linkedin.com/posts/op-innovate_dll-injection-attack-in-kerberos-npm-package-activity-6667043749547253760-kVlW
- www.npmjs.com/advisories/1514
- www.op-c.net/2020/05/15/dll-injection-attack-in-kerberos-npm-package/