A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1632921 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2022-07-14T00:00:00
Updated: 2023-02-23T00:00:00
Reserved: 2022-06-01T00:00:00
Link: CVE-2022-32212
JSON object: View
NVD Information
Status : Modified
Published: 2022-07-14T15:15:08.237
Modified: 2023-02-23T20:15:12.057
Link: CVE-2022-32212
JSON object: View
Redhat Information
No data.