Unrated severityNVD Advisory· Published Jul 12, 2021· Updated Apr 30, 2025
CVE-2021-22921
CVE-2021-22921
Description
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 12.0.0, < 12.22.2+ 1 more
- (no CPE)range: >= 12.0.0, < 12.22.2
- (no CPE)range: >= 12.0.0, < 12.22.2
Patches
Vulnerability mechanics
References
4- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfmitrex_refsource_CONFIRM
- hackerone.com/reports/1211160mitrex_refsource_MISC
- nodejs.org/en/blog/vulnerability/july-2021-security-releases/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210805-0003/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.