Vulnerability in Libuv_project Libuv

CVE-2015-0278

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

EPSS: 0.016 (82.0th percentile) — read the EPSS interpretation.

Affected products

Libuv_project Libuv
Nodejs Node.js
Fedoraproject Fedora — versions 21
N/a — versions n/a

Weakness classification (CWE)

CWE-273 — Improper Check for Dropped Privileges

References

secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2015:228 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
FEDORA-2015-2313 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
GLSA-201611-10 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)