Lucene search

CVE-2022-32212

🗓️ 14 Jul 2022 15:08:15Reported by hackeroneType

cve🔗 web.nvd.nist.gov👁 235 Views🌐 7 Media mentions

OS Command Injection vuln in Node.js <14.20.0, <16.20.0, <18.5.0. Insufficient IsAllowedHost check allows bypass & DBS requests, enabling rebinding attacks

Reporter	Title	Published	Views	Family All 179
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution due to CVE-2022-32212	4 Nov 202218:13	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Watson AIOps Infrastructure Automation	21 Oct 202217:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in node.js	8 Aug 202217:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities due to OpenSSL and Node js which affect IBM App Connect Enterprise and IBM Integration Bus	14 Nov 202214:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on IBM Cloud Pak for Data has addressed security vulnerabilities (CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222, CVE-2023-26136)	1 Sep 202314:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Event Streams	30 Sep 202214:07	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities	10 Aug 202216:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to HTTP request smuggling due to NodeJS	12 Jul 202218:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related Java SE and Node	22 Sep 202207:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities	5 Dec 202219:00	–	ibm

Nvd

Vulners

Node

nodejs node.jsRange14.0.0–14.14.0-

nodejs node.jsRange14.15.0–14.20.1lts

nodejs node.jsRange16.0.0–16.12.0-

nodejs node.jsRange16.13.0–16.17.1lts

nodejs node.jsRange18.0.0–18.5.0-

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

fedoraproject fedoraMatch35

fedoraproject fedoraMatch36

fedoraproject fedoraMatch37

Node

siemens sinec_insRange<1.0

siemens sinec_insMatch1.0-

siemens sinec_insMatch1.0sp1

[
  {
    "vendor": "n/a",
    "product": "https://github.com/nodejs/node",
    "versions": [
      {
        "version": "Fixed in 14.20.1+, 16.17.1+,18.9.1+",
        "status": "affected"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/1632921

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jul 2022 15:15Current

8.3High risk

Vulners AI Score8.3

CVSS38.1

EPSS0.001