CVERadar

CVE-2024-21891

Severity (SOCRadar rating): Medium
Vendor: Nodejs
SVRS: 30/100
CVSSv3: 8.8/10
EPSS: 0.00079/1

CVE-2024-21891 is a high-severity (CVSS 8.8) path traversal vulnerability in Node.js that lets the filesystem restrictions of the experimental permission model be bypassed. Node.js normalizes the paths handed to node:fs functions with built-in utility functions that user-land JavaScript can overwrite; code already running in the process can substitute its own implementation so that the permission check evaluates a path inside the allowed tree while the actual file operation reaches a file outside it, allowing sensitive files to be read or modified. The flaw affects Node.js 20 and 21 only when the process is started with the experimental permission model. Despite the CVSS score of 8.8, SOCRadar's Vulnerability Risk Score (SVRS) is 30, suggesting lower immediate risk than other vulnerabilities; the "In The Wild" tag flags reported exploitation, although no public exploit or indicators of compromise are listed on this page. Because the permission model exists to confine what code in the process may touch, a bypass defeats the boundary it was deployed for, so affected users should update even though the feature is experimental.

Tags: In The Wild
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: 2024-02-20
Last updated: 2025-03-28
SOCRadar AI Insight

Description

CVE-2024-21891 is a high-severity vulnerability in Node.js that allows attackers to bypass the filesystem permission model through a path traversal attack. It affects all users running the experimental permission model in Node.js 20 and Node.js 21. The SVRS for this vulnerability is 30, which SOCRadar rates as Medium.

Key Insights

  • The "In The Wild" tag marks this vulnerability as actively exploited, although no public exploit or indicators of compromise are listed further down this page.
  • Node.js normalizes the paths passed to node:fs functions with built-in utility functions that user-land code can overwrite; JavaScript already running in the process can replace them with its own implementation so the permission check evaluates a different path from the one the operation actually touches.
  • A successful bypass gives that code read or write access to files and directories outside the tree the permission model allows.

Mitigation Strategies

  • Update to a Node.js release that contains the fix: 20.11.1 or 21.6.2 and later (the affected range is up to 20.11.0 and 21.6.0).
  • Until then, do not rely on the experimental permission model in Node.js 20 and 21 as a security boundary; run the process without it and confine it with OS-level controls (a dedicated user, container or sandbox) instead.
  • Treat every module loaded into the process as trusted: the bypass needs only ordinary JavaScript running before the file operation, so validating request input does not address it; reviewing dependencies and pinning them with a lockfile does.
  • Monitor systems for suspicious activity and take appropriate action if any suspicious activity is detected.

Additional Information

  • The CISA ICS advisory for Siemens SINEC INS that appears in this page's News feed references this CVE; CISA no longer updates Siemens advisories beyond the initial publication and points to Siemens ProductCERT for current information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

1.818 (fortiguard.com, 2025-02-13)
1.818 | Newly Added (7): Adobe Photoshop CVE-2025-21127 Privilege Escalation Vulnerability; Adobe Photoshop CVE-2025-21122 Vulnerability; Apache Tomcat CVE-2024-38286 Denial of Service Vulnerability; Security Vulnerabilities fixed in Google Chrome

CVE-2024-21891 | Node.js up to 20.11.0/21.6.0 Experimental Permission Model path traversal (vuldb.com, 2025-02-12)
A vulnerability was found in Node.js up to 20.11.0/21.6.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Experimental Permission Model. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-21891. Local access is required to approach this

Siemens SINEC INS (cisa.gov, 2024-11-14)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).


Affected Software

Configuration 1
Type | Vendor | Product
App | Nodejs | node.js

References

Reference | Link
[email protected] | https://hackerone.com/reports/2259914
[email protected] | https://security.netapp.com/advisory/ntap-20240315-0005/
[email protected] | http://www.openwall.com/lists/oss-security/2024/03/11/1
AF854A3A-2127-422B-91AE-364DA2661108 | https://hackerone.com/reports/2259914
AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20240315-0005/
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/03/11/1

CWE Details

CWE ID | CWE Name | Description
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
