DNS rebinding in --inspect on macOS (CVE-2022-32212) Bypass via obs-fold mechanic (CVE-2022-32213) HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (CVE-2022-35256)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchnodejs< 14.20.1-2.1nodejs-14.20.1-2.1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	nodejs	< 14.20.1-2.1	nodejs-14.20.1-2.1.mga8

References

bugs.mageia.org/show_bug.cgi?id=30887

github.com/nodejs/node/releases/tag/v14.20.1

nodejs.org/en/blog/vulnerability/september-2022-security-releases/

openvas 30

altlinux 1

suse 9

nessus 50

fedora 3

osv 18

ubuntu 1

nodejsblog 1

debian 1

photon 4

ibm 24

veracode 3

hackerone 7

redhatcve 2

ubuntucve 3

f5 1

cbl_mariner 5

cve 3

debiancve 3

prion 3

alpinelinux 3

redhat 7

oraclelinux 5

almalinux 4

rocky 5

github 1

mageia 1

freebsd 1

openvas

Mageia: Security Advisory (MGASA-2022-0354)

2022-10-03 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3503-1)

2022-10-05 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3616-1)

2022-10-19 00:00:00

altlinux

Security fix for the ALT Linux 10 package node version 16.17.1-alt1

2022-09-30 00:00:00

suse

Security update for nodejs14 (moderate)

2022-10-18 00:00:00

Security update for nodejs10 (moderate)

2022-11-01 00:00:00

Security update for nodejs12 (moderate)

2022-10-18 00:00:00

nessus

openSUSE 15 Security Update : nodejs10 (SUSE-SU-2022:3835-1)

2023-01-20 00:00:00

SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2022:3516-1)

2022-10-05 00:00:00

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2022:3614-1)

2022-10-19 00:00:00

fedora

[SECURITY] Fedora 36 Update: nodejs-16.18.1-1.fc36

2022-11-29 01:28:04

[SECURITY] Fedora 37 Update: nodejs-18.12.1-1.fc37

2022-11-29 01:13:36

[SECURITY] Fedora 35 Update: nodejs-16.18.1-1.fc35

2022-11-29 00:57:02

osv

nodejs vulnerabilities

2023-11-21 09:15:47

nodejs - security update

2023-01-24 00:00:00

BIT-node-2022-35256

2024-03-06 11:03:03

ubuntu

Node.js vulnerabilities

2023-11-21 00:00:00

nodejsblog

September 23rd 2022 Security Releases

2022-09-15 00:00:00

debian

[SECURITY] [DSA 5326-1] nodejs security update

2023-01-24 20:01:20

photon

Critical Photon OS Security Update - PHSA-2022-0426

2022-07-26 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0426

2022-07-26 00:00:00

Critical Photon OS Security Update - PHSA-2022-0262

2022-10-12 00:00:00

ibm

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

2022-11-02 09:54:34

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

2022-11-30 10:21:01

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling (CVE-2022-35256)

2022-12-16 19:00:29

veracode

HTTP Request Smuggling

2022-09-27 22:47:16

HTTP Request Smuggling

2022-07-08 08:18:07

OS Command Injection

2022-07-15 10:43:40

hackerone

Node.js: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields

2022-08-20 03:13:30

Node.js: HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

2022-03-28 15:08:54

Node.js: CVE-2022-32213 bypass via obs-fold mechanic

2022-07-07 17:14:53

redhatcve

CVE-2022-35256

2022-09-28 13:49:17

CVE-2022-32213

2022-07-08 19:17:35

ubuntucve

CVE-2022-35256

2022-12-05 00:00:00

CVE-2022-32213

2022-07-14 00:00:00

CVE-2022-32212

2022-07-14 00:00:00

K17011311 : NodeJS vulnerability CVE-2022-35256

2022-12-09 00:00:00

cbl_mariner

CVE-2022-35256 affecting package nodejs 14.20.1-2

2022-12-27 17:55:50

CVE-2022-32213 affecting package nodejs 16.16.0-2

2022-08-31 06:17:55

CVE-2022-32213 affecting package nodejs 14.18.3-1

2022-08-12 16:45:11

cve

CVE-2022-35256

2022-12-05 22:15:00

CVE-2022-32213

2022-07-14 15:15:00

CVE-2022-32212

2022-07-14 15:15:00

debiancve

CVE-2022-35256

2022-12-05 22:15:00

CVE-2022-32213

2022-07-14 15:15:00

CVE-2022-32212

2022-07-14 15:15:00

prion

Design/Logic Flaw

2022-12-05 22:15:00

Code injection

2022-07-14 15:15:00

Command injection

2022-07-14 15:15:00

alpinelinux

CVE-2022-35256

2022-12-05 22:15:00

CVE-2022-32212

2022-07-14 15:15:00

CVE-2022-32213

2022-07-14 15:15:00

redhat

(RHSA-2022:6985) Moderate: nodejs:14 security and bug fix update

2022-10-18 07:45:13

(RHSA-2022:6448) Moderate: nodejs:14 security and bug fix update

2022-09-13 07:36:51

(RHSA-2022:6389) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update

2022-09-08 07:08:33

oraclelinux

nodejs:14 security and bug fix update

2022-09-15 00:00:00

nodejs:16 security and bug fix update

2022-09-15 00:00:00

nodejs:18 security update

2022-11-15 00:00:00

almalinux

Moderate: nodejs:14 security and bug fix update

2022-09-13 00:00:00

Important: nodejs security update

2022-10-18 00:00:00

Important: nodejs:18 security update

2022-11-08 00:00:00

rocky

nodejs:14 security and bug fix update

2022-09-13 07:36:51

nodejs:16 security and bug fix update

2022-09-13 07:36:52

nodejs:18 security update

2022-11-08 10:51:14

github

llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding

2022-07-15 00:00:18

mageia

Updated nodejs packages fix security vulnerability

2022-08-26 00:21:07

freebsd

Node.js -- July 7th 2022 Security Releases

2022-07-05 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for MGASA-2022-0354