CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 24.0%

node is vulnerable to OS Command Injection. The vulnerability exists due to insufficient sanitization in the IsIPAddress function of inspector_socket.cc, which allows an attacker to gain control of the victim’s router by performing DNS rebinding attacks via DBS requests.

cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22884
github.com/advisories/GHSA-w95h-2gj2-x2p4
github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131
github.com/nodejs/node/commit/754c9bfde06d17b37832f19b32e596f9e2ee69e3
github.com/nodejs/node/commit/e4af5eba957d23dc47497519cb9253dd2dccbeda
hackerone.com/reports/1632921
lists.debian.org/debian-lts-announce/2022/10/msg00006.html
lists.fedoraproject.org/archives/list/[email protected]/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK/
lists.fedoraproject.org/archives/list/[email protected]/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3/
lists.fedoraproject.org/archives/list/[email protected]/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY/
nodejs.org/en/blog/vulnerability/july-2022-security-releases/
nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212
security.netapp.com/advisory/ntap-20220915-0001/
www.debian.org/security/2023/dsa-5326