Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDB9210706-FEB0-11EC-81FA-1C697A616631
HistoryJul 05, 2022 - 12:00 a.m.

Node.js -- July 7th 2022 Security Releases

2022-07-0500:00:00
vuxml.freebsd.org
39

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.5%

JSON

Node.js reports:

HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding
(Medium)(CVE-2022-32213)
The llhttp parser in the http module does not correctly parse and
validate Transfer-Encoding headers. This can lead to HTTP Request
Smuggling (HRS).
HTTP Request Smuggling - Improper Delimiting of Header Fields
(Medium)(CVE-2022-32214)
The llhttp parser in the http module does not strictly use the CRLF
sequence to delimit HTTP requests. This can lead to HTTP Request
Smuggling (HRS).
HTTP Request Smuggling - Incorrect Parsing of Multi-line
Transfer-Encoding (Medium)(CVE-2022-32215)
The llhttp parser in the http module does not correctly handle
multi-line Transfer-Encoding headers. This can lead to HTTP Request
Smuggling (HRS).
DNS rebinding in --inspect via invalid IP addresses
(High)(CVE-2022-32212)
The IsAllowedHost check can easily be bypassed because IsIPAddress
does not properly check if an IP address is invalid or not. When an
invalid IPv4 address is provided (for instance 10.0.2.555 is
provided), browsers (such as Firefox) will make DNS requests to the
DNS server, providing a vector for an attacker-controlled DNS server
or a MITM who can spoof DNS responses to perform a rebinding attack
and hence connect to the WebSocket debugger, allowing for arbitrary
code execution. This is a bypass of CVE-2021-22884.
Attempt to read openssl.cnf from /home/iojs/build/ upon startup
(Medium)(CVE-2022-32222)
When Node.js starts on linux based systems, it attempts to read
/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf,
which ordinarily doesn’t exist. On some shared systems an attacker may
be able create this file and therefore affect the default OpenSSL
configuration for other users.
OpenSSL - AES OCB fails to encrypt some bytes
(Medium)(CVE-2022-2097)
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly
optimised implementation will not encrypt the entirety of the data
under some circumstances. This could reveal sixteen bytes of data that
was preexisting in the memory that wasn’t written. In the special case
of “in place” encryption, sixteen bytes of the plaintext would be
revealed. Since OpenSSL does not support OCB based cipher suites for
TLS and DTLS, they are both unaffected.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchnode= 14.0.0UNKNOWN
FreeBSDanynoarchnode< 14.20.0UNKNOWN
FreeBSDanynoarchnode16< 16.16.0UNKNOWN
FreeBSDanynoarchnode14< 14.20.0UNKNOWN

Related

nessus 37
openvas 31
ibm 23
nodejsblog 2
photon 3
suse 8
mageia 2
almalinux 2
osv 14
redhat 5
oraclelinux 3
rocky 3
ubuntu 2
redhatcve 5
debian 1
fedora 3
debiancve 4
ics 1
veracode 6
cve 3
ubuntucve 5
hackerone 9
cvelist 4
alpinelinux 5
prion 5
nvd 3
altlinux 1
github 1
cbl_mariner 6
freebsd 1
broadcom 1
nessus
nessus
FreeBSD : Node.js -- July 7th 2022 Security Releases (b9210706-feb0-11ec-81fa-1c697a616631)
2022-07-08 00:00:00
Node.js 14.x < 14.20.0 / 16.x < 16.16.0 / 18.x < 18.5.0 Multiple Vulnerabilities (July 7th 2022 Security Releases).
2022-10-03 00:00:00
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:2417-1)
2022-07-21 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2417-1)
2022-07-18 00:00:00
Node.js 14.x < 14.20.0, 16.x < 16.16.0, 18.x < 18.5.0 Multiple Vulnerabilities - Mac OS X
2022-07-12 00:00:00
Node.js 14.x < 14.20.0, 16.x < 16.16.0, 18.x < 18.5.0 Multiple Vulnerabilities - Windows
2022-07-12 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in node.js
2022-09-29 15:31:39
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Event Streams
2022-09-30 14:07:36
Security Bulletin: IBM Cognos Dashboards on IBM Cloud Pak for Data has addressed security vulnerabilities (CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222, CVE-2023-26136)
2023-09-01 14:38:22
nodejsblog
nodejsblog
July 7th 2022 Security Releases
2022-07-07 00:00:00
September 23rd 2022 Security Releases
2022-09-15 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0426
2022-07-26 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0426
2022-07-26 00:00:00
Critical Photon OS Security Update - PHSA-2022-0262
2022-10-12 00:00:00
suse
suse
Security update for nodejs14 (important)
2022-07-18 00:00:00
Security update for nodejs16 (important)
2022-07-26 00:00:00
Security update for nodejs12 (important)
2022-07-18 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2022-08-26 00:21:07
Updated nodejs packages fix security vulnerability
2022-10-01 20:48:24
almalinux
almalinux
Moderate: nodejs:14 security and bug fix update
2022-09-13 00:00:00
Moderate: nodejs and nodejs-nodemon security and bug fix update
2022-09-20 00:00:00
osv
osv
Moderate: nodejs:14 security and bug fix update
2022-09-13 00:00:00
Moderate: nodejs:14 security and bug fix update
2022-09-13 07:36:51
nodejs vulnerabilities
2023-11-21 09:15:47
redhat
redhat
(RHSA-2022:6985) Moderate: nodejs:14 security and bug fix update
2022-10-18 07:45:13
(RHSA-2022:6448) Moderate: nodejs:14 security and bug fix update
2022-09-13 07:36:51
(RHSA-2022:6389) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update
2022-09-08 07:08:33
oraclelinux
oraclelinux
nodejs:14 security and bug fix update
2022-09-15 00:00:00
nodejs:16 security and bug fix update
2022-09-15 00:00:00
nodejs and nodejs-nodemon security and bug fix update
2022-09-22 00:00:00
rocky
rocky
nodejs:14 security and bug fix update
2022-09-13 07:36:51
nodejs:16 security and bug fix update
2022-09-13 07:36:52
nodejs and nodejs-nodemon security and bug fix update
2022-09-20 11:37:49
ubuntu
ubuntu
Node.js vulnerabilities
2023-11-21 00:00:00
OpenSSL vulnerability
2022-07-05 00:00:00
redhatcve
redhatcve
CVE-2022-32212
2022-07-08 18:43:57
CVE-2022-32222
2022-07-08 19:17:55
CVE-2022-32214
2022-07-18 12:19:11
debian
debian
[SECURITY] [DSA 5326-1] nodejs security update
2023-01-24 20:01:20
fedora
fedora
[SECURITY] Fedora 37 Update: nodejs-18.12.1-1.fc37
2022-11-29 01:13:36
[SECURITY] Fedora 36 Update: nodejs-16.18.1-1.fc36
2022-11-29 01:28:04
[SECURITY] Fedora 35 Update: nodejs-16.18.1-1.fc35
2022-11-29 00:57:02
debiancve
debiancve
CVE-2022-32222
2022-07-14 15:15:08
CVE-2022-32214
2022-07-14 15:15:08
CVE-2022-32213
2022-07-14 15:15:08
ics
ics
Siemens SINEC INS
2023-01-17 12:00:00
veracode
veracode
Insecure Cryptography
2022-07-15 12:11:39
HTTP Request Smuggling
2022-07-08 18:20:52
DNS Rebinding
2021-02-24 17:20:17
cve
cve
CVE-2022-32222
2022-07-14 15:15:08
CVE-2022-32214
2022-07-14 15:15:08
CVE-2022-32213
2022-07-14 15:15:08
ubuntucve
ubuntucve
CVE-2022-32222
2022-07-14 00:00:00
CVE-2022-32214
2022-07-14 00:00:00
CVE-2022-32213
2022-07-14 00:00:00
hackerone
hackerone
Internet Bug Bounty: Inadequate Encryption Strength in nodejs-current reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
2023-02-28 04:49:13
Node.js: Node 18 reads openssl.cnf from /home/iojs/build/... upon startup.
2022-07-03 04:17:48
Node.js: Node 18 reads openssl.cnf from /home/iojs/build/... upon startup on MacOS
2022-09-08 19:43:15
cvelist
cvelist
CVE-2022-32222
2022-07-14 00:00:00
CVE-2022-32214
2022-07-14 00:00:00
CVE-2022-32215
2022-07-14 00:00:00
alpinelinux
alpinelinux
CVE-2022-32222
2022-07-14 15:15:08
CVE-2022-32214
2022-07-14 15:15:08
CVE-2022-32215
2022-07-14 15:15:08
prion
prion
Design/Logic Flaw
2022-07-14 15:15:00
Crlf injection
2022-07-14 15:15:00
Code injection
2022-07-14 15:15:00
nvd
nvd
CVE-2022-32222
2022-07-14 15:15:08
CVE-2022-32214
2022-07-14 15:15:08
CVE-2022-32213
2022-07-14 15:15:08
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.17.1-alt1
2022-09-30 00:00:00
github
github
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
2022-07-15 00:00:18
cbl_mariner
cbl_mariner
CVE-2022-32214 affecting package nodejs 14.18.3-1
2022-08-12 16:45:11
CVE-2022-32214 affecting package nodejs for versions less than 16.16.0-1
2022-08-31 06:17:55
CVE-2022-32213 affecting package nodejs for versions less than 16.20.2-4
2022-08-31 06:17:55
freebsd
freebsd
OpenSSL -- AES OCB fails to encrypt some bytes
2022-07-05 00:00:00
broadcom
broadcom
AES OCB fails to encrypt some bytes
2023-08-01 00:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.5%

JSON
Related for B9210706-FEB0-11EC-81FA-1C697A616631
nessus37openvas31ibm23nodejsblog2photon3suse8mageia2almalinux2osv14redhat5oraclelinux3rocky3ubuntu2redhatcve5debian1fedora3debiancve4ics1veracode6cve3ubuntucve5hackerone9cvelist4alpinelinux5prion5nvd3altlinux1github1cbl_mariner6freebsd1broadcom1