Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-43548
HistoryDec 05, 2022 - 12:00 a.m.

CVE-2022-43548

2022-12-0500:00:00
ubuntu.com
ubuntu.com
21

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

76.4%

A OS Command Injection vulnerability exists in Node.js versions <14.21.1,
<16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that
can easily be bypassed because IsIPAddress does not properly check if an IP
address is invalid before making DBS requests allowing rebinding
attacks.The fix for this issue in
https://vulners.com/cve/CVE-2022-32212 was
incomplete and this new CVE is to complete the fix.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnodejs< 8.10.0~dfsg-2ubuntu0.4+esm4UNKNOWN
ubuntu20.04noarchnodejs< 10.19.0~dfsg-3ubuntu1.3UNKNOWN
ubuntu22.04noarchnodejs< 12.22.9~dfsg-1ubuntu3.2UNKNOWN

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

76.4%