libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.
References
Link | Resource |
---|---|
http://advisories.mageia.org/MGASA-2015-0186.html | Third Party Advisory |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:228 | Third Party Advisory |
https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c | Patch Third Party Advisory |
https://github.com/libuv/libuv/pull/215 | Third Party Advisory |
https://groups.google.com/forum/#%21msg/libuv/0JZxwLMtsMI/jraczskYWWQJ | |
https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html | Third Party Advisory |
https://security.gentoo.org/glsa/201611-10 | Third Party Advisory |
Configurations
History
12 Feb 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Aug 2022, 13:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-273 | |
CPE | cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* | |
References | (CONFIRM) http://advisories.mageia.org/MGASA-2015-0186.html - Third Party Advisory | |
References | (CONFIRM) https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c - Patch, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2015:228 - Third Party Advisory | |
References | (CONFIRM) https://github.com/libuv/libuv/pull/215 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150526.html - Third Party Advisory | |
References | (CONFIRM) https://groups.google.com/forum/#!msg/libuv/0JZxwLMtsMI/jraczskYWWQJ - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201611-10 - Third Party Advisory | |
First Time |
Nodejs
Nodejs node.js |
Information
Published : 2015-05-18 15:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-0278
Mitre link : CVE-2015-0278
CVE.ORG link : CVE-2015-0278
JSON object : View
Products Affected
fedoraproject
- fedora
nodejs
- node.js
libuv_project
- libuv
CWE
CWE-273
Improper Check for Dropped Privileges