Wind River Support Network

Fixed

LIN1022-889 : Security Advisory - nodejs - CVE-2022-32212

Created: Jul 11, 2022    Updated: Jan 15, 2023
Resolved Date: Jan 3, 2023
Found In Version: 10.22.33.1
Fix Version: 10.22.33.4
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace

Description

An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check whether an IP address is invalid before making DNS requests, allowing rebinding attacks.

https://nvd.nist.gov/vuln/detail/CVE-2022-32212
