Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-32212

Опубликовано: 14 июл. 2022
Источник: debian
EPSS Низкий

Описание

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nodejsfixed18.6.0+dfsg-3package

Примечания

  • https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212

  • https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x)

  • https://github.com/nodejs/node/commit/a1121b456c54b16d980881f821cd700c6a4ca537 (14.20.1) (follow-up)

  • https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464 (main)

  • https://github.com/nodejs/node/commit/b358fb27a4253c6827378a64163448c04301e19c (main) (follow-up)

EPSS

Процентиль: 20%
0.00064
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-32212

CVSS3: 8.1
ubuntu
почти 3 года назад

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

redhat логотип

CVE-2022-32212

CVSS3: 7.5
redhat
почти 3 года назад

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

nvd логотип

CVE-2022-32212

CVSS3: 8.1
nvd
почти 3 года назад

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

msrc логотип

CVE-2022-32212

CVSS3: 8.1
msrc
почти 3 года назад

Описание отсутствует

github логотип

GHSA-w95h-2gj2-x2p4

CVSS3: 8.1
github
почти 3 года назад

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

EPSS

Процентиль: 20%
0.00064
Низкий