CVE-2021-21130: 
Node.js vulnerability analysis and mitigation

Insufficient policy enforcement in File System API in Google Chrome prior to version 88.0.4324.96 was identified as CVE-2021-21130. The vulnerability was discovered and reported by Maciej Pulikowski on October 20, 2020, and was publicly disclosed in January 2021. This security flaw affected Google Chrome browsers and other Chromium-based browsers like Microsoft Edge (Chrome Release, NVD).

The vulnerability received a CVSS v3.1 base score of 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The flaw exists in the File System API implementation where insufficient policy enforcement could allow bypass of filesystem restrictions. The vulnerability requires user interaction through a crafted HTML page to be exploited (NVD).

If successfully exploited, this vulnerability allows a remote attacker to bypass filesystem restrictions through a specially crafted HTML page. The impact primarily affects the integrity of the system, with no direct impact on confidentiality or availability (NVD).

The vulnerability was patched in Google Chrome version 88.0.4324.96. Users and administrators are advised to update to this version or later to mitigate the risk. Microsoft Edge Chromium users should update to version 88.0.705.50 or later (Chrome Release).