Search for vulnerabilities
Vulnerability details: VCID-pg8s-z1fe-aaac
Vulnerability ID VCID-pg8s-z1fe-aaac
Aliases CVE-2024-22020
Summary A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports. Exploiting this flaw can violate network import security, posing a risk to developers and servers.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22020.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.0072 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00737 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00737 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00737 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00737 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
epss 0.00973 https://api.first.org/data/v1/epss?cve=CVE-2024-22020
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22020.json
https://api.first.org/data/v1/epss?cve=CVE-2024-22020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22020
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://hackerone.com/reports/2092749
https://security.netapp.com/advisory/ntap-20241122-0006/
http://www.openwall.com/lists/oss-security/2024/07/11/6
http://www.openwall.com/lists/oss-security/2024/07/19/3
2296417 https://bugzilla.redhat.com/show_bug.cgi?id=2296417
CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020
GLSA-202505-11 https://security.gentoo.org/glsa/202505-11
RHSA-2024:5814 https://access.redhat.com/errata/RHSA-2024:5814
RHSA-2024:5815 https://access.redhat.com/errata/RHSA-2024:5815
RHSA-2024:6147 https://access.redhat.com/errata/RHSA-2024:6147
RHSA-2024:6148 https://access.redhat.com/errata/RHSA-2024:6148
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22020.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.16666
EPSS Score 0.00045
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-07-09T10:29:41.661561+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-22020 34.0.0rc4