{"id":"AZL-35886","summary":"CVE-2024-22017 affecting package libuv for versions less than 1.48.0-1","details":"setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid().\nThis allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().\nThis vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.","modified":"2026-04-21T04:25:12.822620Z","published":"2024-03-19T05:15:10Z","upstream":["CVE-2024-22017"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22017"}],"affected":[{"package":{"name":"libuv","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/libuv"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.48.0-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35886.json"}}],"schema_version":"1.7.5"}