Vulnerability Description
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/07/11/6
- http://www.openwall.com/lists/oss-security/2024/07/19/3
- https://hackerone.com/reports/2092749
- http://www.openwall.com/lists/oss-security/2024/07/11/6
- http://www.openwall.com/lists/oss-security/2024/07/19/3
- https://hackerone.com/reports/2092749
- https://security.netapp.com/advisory/ntap-20241122-0006/
FAQ
What is CVE-2024-22020?
CVE-2024-22020 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verifie...
How severe is CVE-2024-22020?
CVE-2024-22020 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22020?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.