CVE-2021-22931

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22931
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22931.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22931
Aliases
Downstream
Related
Published
2021-08-16T19:15:13.127Z
Modified
2026-04-10T04:30:15.860815Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
55ff3f2503007a859219b5e7f68b0f6ca95225f0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.3.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
2f45ad8060e13d5ac912335096d21526f2f9602b
Last affected
921493e2287aa895679620155b5288b2e1587bfd
Introduced
42cce5a9d0fd905bf4ad7a2528c36572dfb8b5ad
Fixed
151261efb8b85696620f80ecc1f50d9c1f886a1b
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Last affected
354b6a93bd1d66f1833489d6fe01a2b0e8f6aff9
Introduced
c1da528bc25c9cc5a8240a7b4f136f5968f6e113
Fixed
db159ab870b1aa7f55e4e450c81764f22bf0ef80
Introduced
7162e686b18d22b4385fa5c04274fb04dbd810c7
Fixed
bfe80913e88139da1aa283475cdbc060ea98ae6f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
13b266f4575b8278b1e68ec78599315b9502c1cb
Database specific 
{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "last_affected": "12.12.0"
        },
        {
            "introduced": "12.13.0"
        },
        {
            "fixed": "12.22.5"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.14.0"
        },
        {
            "introduced": "14.15.0"
        },
        {
            "fixed": "14.17.5"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.6.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "21.2.0"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.18.0
v12.18.1
v12.18.2
v12.18.3
v12.18.4
v12.19.0
v12.19.1
v12.2.0
v12.20.0
v12.20.1
v12.20.2
v12.21.0
v12.22.0
v12.22.1
v12.22.2
v12.22.3
v12.22.4
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1
v14.*
v14.0.0
v14.1.0
v14.10.0
v14.10.1
v14.11.0
v14.12.0
v14.13.0
v14.13.1
v14.14.0
v14.15.0
v14.15.1
v14.15.2
v14.15.3
v14.15.4
v14.15.5
v14.16.0
v14.16.1
v14.17.0
v14.17.1
v14.17.2
v14.17.3
v14.17.4
v14.2.0
v14.3.0
v14.4.0
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v16.*
v16.0.0
v16.1.0
v16.2.0
v16.3.0
v16.4.0
v16.4.1
v16.4.2
v16.5.0
v16.6.0
v16.6.1
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v21.*
v21.0.0
v21.1.0
v21.2.0
v3.*
v3.0.0
vm-19.*
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-19.3.6
vm-20.*
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-20.3.2
vm-20.3.3
vm-21.*
vm-21.0.0
vm-21.0.0.2
vm-21.1.0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.26"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.57"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.58"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.59"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.1.1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22931.json"