vulnerability

Gentoo Linux: CVE-2024-22020: Node.js: Multiple Vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:H/Au:N/C:P/I:C/A:C)

Published

Jul 9, 2024

Added

May 15, 2025

Modified

Mar 31, 2026

Description

A security flaw in Node.js allows a bypass of network import restrictions.
By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security.
Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports.
Exploiting this flaw can violate network import security, posing a risk to developers and servers.

Solution

gentoo-linux-upgrade-net-libs-nodejs

References

CVE-2024-22020
https://attackerkb.com/topics/CVE-2024-22020
CWE-94
EUVD-EUVD-2024-19626
GENTOO-202505-11
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-19626

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report