Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-22017

Published: 19 March 2024

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.

Priority

Medium

Status

Package Release Status
nodejs
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

mantic Needs triage

trusty Needs triage

upstream Not vulnerable
(debian: Only affects 20.x and later)
xenial Needs triage