How severe is CVE-2024-21890?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2024-21890?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2024-21890 - MEDIUM Severity | CVSS 5

Vulnerability Description

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Related Vulnerabilities

CVE-2016-5553

MEDIUM

CVSS:5.0(Medium)

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

NVD-CWE-Other2016

CVE-2017-10221

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulner...

NVD-CWE-Other2017

CVE-2017-10275

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitable...

NVD-CWE-Other2017

CVE-2017-10428

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows ...

NVD-CWE-Other2017

CVE-2017-2516

MEDIUM

CVSS:5.0(Medium)

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a cr...

NVD-CWE-Other2017

CVE-2017-3475

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 a...

NVD-CWE-Other2017