What is CVE-2024-21892?

CVE-2024-21892 is a high-severity vulnerability in Nodejs Node. CVSS score: 7.5/10. Published 2024-02-20.

How severe is CVE-2024-21892?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2024-21892 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Nodejs Node

CVE-2024-21892

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implement…

EPSS: 0.004 (63.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N.

Affected products

Nodejs Node — versions 4.0, 5.0, 6.0

Public proof-of-concept exploits

Aashini4001/Elevate-labs-task-3
Cybervixy/Vulnerability-Management
Ki1shan/-Basic-Vulnerability-Scan
KshitijPatil08/Elevate-Task3
NaInSec/CVE-LIST
Oju-kwu/Vulnerability-Management-Lab
Oluwaseun-Joseph/Credentialed-Vulnerability-Assessment-Lab
PrasannaSrinivasK/Task-3
Sarath-P-2/vulnerability-scan
Teedico/Nessus_

References

hackerone.com/reports/2237545
security.netapp.com/advisory/ntap-20240322-0003/
www.openwall.com/lists/oss-security/2024/03/11/1

Frequently asked questions

What is CVE-2024-21892?: CVE-2024-21892 is a high-severity vulnerability in Nodejs Node. CVSS score: 7.5/10. Published 2024-02-20.
How severe is CVE-2024-21892?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2024-21892 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.