CVE-2021-22931
CRITICAL 9.8
Description
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js dns library, which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/16/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
netapp:active_iq_unified_manager
netapp:nextgen_api
netapp:oncommand_insight
netapp:oncommand_workflow_automation
netapp:snapcenter
nodejs:node.js
oracle:graalvm
oracle:mysql_cluster
oracle:peoplesoft_enterprise_peopletools
siemens:sinec_infrastructure_network_services
Weaknesses (CWE)
CWE-170
CWE-20
References
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf (support@hackerone.com)
https://hackerone.com/reports/1178337 (support@hackerone.com)
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ (support@hackerone.com)
https://security.gentoo.org/glsa/202401-02 (support@hackerone.com)
https://security.netapp.com/advisory/ntap-20210923-0001/ (support@hackerone.com)
https://security.netapp.com/advisory/ntap-20211022-0003/ (support@hackerone.com)
https://www.oracle.com/security-alerts/cpujan2022.html (support@hackerone.com)
https://www.oracle.com/security-alerts/cpujul2022.html (support@hackerone.com)
https://www.oracle.com/security-alerts/cpuoct2021.html (support@hackerone.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.