CVE-2022-32212 - CERT CVE

  1. CVE-2022-32212

ID CVE-2022-32212
Sažetak A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
Reference
CVSS
Base: 8.1
Impact: 5.9
Exploitability:2.2
Pristup
VektorSloženostAutentikacija
NETWORK HIGH -
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje 23-02-2023 - 20:15
Objavljeno 14-07-2022 - 15:15