摘要:
setuid() does not affect libuv s internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().Impacts:This vulnerability affects all users in active release lines: 20.x, and 21.x.
安全等级: Low
公告ID: KylinSec-SA-2024-1087
发布日期: 2024年2月27日
关联CVE: CVE-2024-22017
setuid() does not affect libuv s internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().Impacts:This vulnerability affects all users in active release lines: 20.x, and 21.x.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-22017 | KY3.4-4A | nodejs | Unaffected |
| CVE-2024-22017 | KY3.4-5A | nodejs | Unaffected |
| CVE-2024-22017 | KY3.5.1 | nodejs | Unaffected |
| CVE-2024-22017 | KY3.5.2 | nodejs | Unaffected |
