{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T13:34:09.598","vulnerabilities":[{"cve":{"id":"CVE-2021-22921","sourceIdentifier":"support@hackerone.com","published":"2021-07-12T11:15:08.017","lastModified":"2024-11-21T05:50:55.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking."},{"lang":"es","value":"Node.js versiones anteriores a 16.4.1, 14.17.2 y 12.22.2, es vulnerable a ataques de escalada de privilegios locales bajo determinadas condiciones en plataformas Windows. Más concretamente, una configuración inapropiada de los permisos en el directorio de instalación permite a un atacante llevar a cabo dos ataques de escalada diferentes: PATH y secuestro de DLL"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.22.2","matchCriteriaId":"7AD27D57-32D0-4149-9AB9-BF092356A732"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"14.0.0","versionEndExcluding":"14.17.2","matchCriteriaId":"B0F0E3AC-D47F-44AA-8846-ABE7E492136D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.4.1","matchCriteriaId":"9E32D86B-F137-4195-8AA9-34FF5C0AC50A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","matchCriteriaId":"B0F46497-4AB0-49A7-9453-CC26837BF253"}]}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1211160","source":"support@hackerone.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/","source":"support@hackerone.com","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210805-0003/","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/1211160","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20210805-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}