A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://vulners.com/cve/CVE-2022-32212 was incomplete and this new CVE is to complete the fix.

References

lists.debian.org/debian-lts-announce/2023/02/msg00038.html

nodejs.org/en/blog/vulnerability/november-2022-security-releases/

security.netapp.com/advisory/ntap-20230120-0004/

security.netapp.com/advisory/ntap-20230427-0007/

www.debian.org/security/2023/dsa-5326

cve 2

nessus 62

f5 1

osv 19

cvelist 2

alpinelinux 2

debiancve 2

ubuntucve 2

nvd 2

ibm 16

redhatcve 2

hackerone 4

altlinux 2

openvas 34

cbl_mariner 4

mageia 2

veracode 2

prion 1

ubuntu 1

debian 3

almalinux 5

redhat 8

oraclelinux 6

rocky 5

nodejsblog 1

suse 4

photon 2

fedora 3

cve

CVE-2022-43548

2022-12-05 22:15:10

CVE-2022-32212

2022-07-14 15:15:08

nessus

SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:4003-1)

2022-11-16 00:00:00

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2022:4255-1)

2022-11-29 00:00:00

SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2022:3968-1)

2022-11-15 00:00:00

K000133494 : Node.js vulnerability CVE-2022-43548

2023-04-12 00:00:00

osv

BIT-node-2022-43548

2024-03-06 11:02:30

CVE-2022-43548

2022-12-05 22:15:10

BIT-node-2022-32212

2024-03-06 11:04:18

cvelist

CVE-2022-43548

2022-12-05 00:00:00

CVE-2022-32212

2022-07-14 00:00:00

alpinelinux

CVE-2022-43548

2022-12-05 22:15:10

CVE-2022-32212

2022-07-14 15:15:08

debiancve

CVE-2022-43548

2022-12-05 22:15:10

CVE-2022-32212

2022-07-14 15:15:08

ubuntucve

CVE-2022-43548

2022-12-05 00:00:00

CVE-2022-32212

2022-07-14 00:00:00

nvd

CVE-2022-43548

2022-12-05 22:15:10

CVE-2022-32212

2022-07-14 15:15:08

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2022-43548]

2023-02-02 20:20:11

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2022-43548 in Node.js

2023-03-03 15:29:03

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js command execution vulnerability (CVE-2022-43548)

2023-02-03 16:21:43

redhatcve

CVE-2022-43548

2022-11-08 07:56:08

CVE-2022-32212

2022-07-08 18:43:57

hackerone

Node.js: DNS rebinding in --inspect via invalid octal IP address

2022-09-23 19:28:01

Node.js: DNS rebinding in --inspect (again) via invalid IP addresses

2022-05-18 05:48:02

Node.js: DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)

2022-07-10 18:01:38

altlinux

Security fix for the ALT Linux 10 package node version 16.18.1-alt1

2023-03-18 00:00:00

Security fix for the ALT Linux 10 package node version 16.17.1-alt1

2022-09-30 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:3989-1)

2022-11-16 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:3967-1)

2022-11-15 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4301-1)

2022-12-02 00:00:00

cbl_mariner

CVE-2022-43548 affecting package nodejs 14.20.1-2

2022-12-27 17:55:50

CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2

2022-12-19 20:12:43

CVE-2022-32212 affecting package nodejs for versions less than 16.20.2-4

2022-08-31 06:17:55

mageia

Updated nodejs packages fix security vulnerability

2022-11-13 05:25:20

Updated nodejs packages fix security vulnerability

2022-10-01 20:48:24

veracode

Arbitrary Code Execution

2022-11-06 14:52:02

OS Command Injection

2022-07-15 10:43:40

prion

Command injection

2022-07-14 15:15:00

ubuntu

Node.js vulnerabilities

2023-11-21 00:00:00

debian

[SECURITY] [DSA 5326-1] nodejs security update

2023-01-24 20:01:20

[SECURITY] [DLA 3344-1] nodejs security update

2023-02-26 01:17:34

[SECURITY] [DLA 3137-1] nodejs security update

2022-10-05 15:18:22

almalinux

Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 00:00:00

Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 00:00:00

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-23 00:00:00

redhat

(RHSA-2022:8833) Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:28

(RHSA-2022:8832) Moderate: nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:25

(RHSA-2023:0321) Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-23 14:30:11

oraclelinux

nodejs:18 security, bug fix, and enhancement update

2022-12-08 00:00:00

nodejs:18 security, bug fix, and enhancement update

2022-12-09 00:00:00

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-24 00:00:00

rocky

nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:28

nodejs:18 security, bug fix, and enhancement update

2022-12-06 15:25:25

nodejs and nodejs-nodemon security, bug fix, and enhancement update

2023-01-23 14:30:11

nodejsblog

Nov 3 2022 Security Releases

2022-11-01 00:00:00

suse

Security update for nodejs16 (important)

2022-07-26 00:00:00

Security update for nodejs14 (important)

2022-07-18 00:00:00

Security update for nodejs12 (important)

2022-07-18 00:00:00

photon

Critical Photon OS Security Update - PHSA-2022-0426

2022-07-26 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0426

2022-07-26 00:00:00

fedora

[SECURITY] Fedora 36 Update: nodejs-16.18.1-1.fc36

2022-11-29 01:28:04

[SECURITY] Fedora 37 Update: nodejs-18.12.1-1.fc37

2022-11-29 01:13:36

[SECURITY] Fedora 35 Update: nodejs-16.18.1-1.fc35

2022-11-29 00:57:02

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

8.1

Confidence

High

EPSS

0.006

Percentile

79.6%

JSON

Related for PRION:CVE-2022-43548