A security flaw in Node.js allows a bypass of network import restrictions.
By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.
Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.
Exploiting this flaw can violate network import security, posing a risk to developers and servers.
History
Mon, 26 Aug 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | | Redhat, Redhat enterprise Linux |
CPEs | | cpe:/a:redhat:enterprise_linux:8, cpe:/a:redhat:enterprise_linux:9 |
Vendors & Products | | Redhat, Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2024-07-09T01:07:28.098Z
Updated: 2024-08-01T22:35:34.646Z
Reserved: 2024-01-04T01:04:06.574Z
Link: CVE-2024-22020
Vulnrichment
Updated: 2024-08-01T22:35:34.646Z
NVD
Status: Awaiting Analysis
Published: 2024-07-09T02:15:09.973
Modified: 2024-07-19T14:15:05.863
Link: CVE-2024-22020
Redhat