CVE-2022-32212

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-32212

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32212.json

Aliases

BIT-node-2022-32212

Related

Published

2022-07-14T15:15:08Z

Modified

2023-12-06T01:02:21.029313Z

Details

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

References

https://hackerone.com/reports/1632921

Affected packages

Alpine:v3.13 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.14 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.15 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.16 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.17 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.18 / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

49a77a5a996a49e8cb728eed42e55a7c1a9eef6e

Fixed

0a18e136b4a1e860bb2befcbd1f78661ed5fb5e7

Affected versions

v18.*

v18.0.0

v18.1.0

v18.2.0

v18.3.0

v18.4.0