High severity7.3NVD Advisory· Published Mar 19, 2024· Updated Apr 15, 2026
CVE-2024-22017
CVE-2024-22017
Description
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17- Package: https://pypi.org/project/node
- osv-coords15 versionspkg:bitnami/nodepkg:bitnami/node-minpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/nodejs-packaging-bundlerpkg:rpm/almalinux/npmpkg:rpm/opensuse/nodejs20&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/nodejs20&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/nodejs21&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/nodejs-electron&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP5
>= 20.0.0, < 20.11.1+ 14 more
- (no CPE)range: >= 20.0.0, < 20.11.1
- (no CPE)range: >= 20.0.0, < 20.11.1
- (no CPE)range: < 1:20.11.1-1.module_el8.9.0+3775+d8460d35
- (no CPE)range: < 1:20.11.1-1.module_el8.9.0+3775+d8460d35
- (no CPE)range: < 1:20.11.1-1.module_el8.9.0+3775+d8460d35
- (no CPE)range: < 1:20.11.1-1.module_el8.9.0+3775+d8460d35
- (no CPE)range: < 3.0.1-1.module_el8.9.0+3731+490e3ce5
- (no CPE)range: < 2021.06-4.module_el8.9.0+3684+11b9e959
- (no CPE)range: < 2021.06-4.module_el8.9.0+3684+11b9e959
- (no CPE)range: < 1:10.2.4-1.20.11.1.1.module_el8.9.0+3775+d8460d35
- (no CPE)range: < 20.11.1-150500.11.6.1
- (no CPE)range: < 20.11.1-1.1
- (no CPE)range: < 21.6.2-1.1
- (no CPE)range: < 29.4.0-1.1
- (no CPE)range: < 20.11.1-150500.11.6.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.