Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-22931

Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames (leading to domain hijacking) and injection vulnerabilities in applications using the library.

Source

Severity High

Remote Yes

Type Insufficient validation

Description

Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames (leading to domain hijacking) and injection vulnerabilities in applications using the library.

AVG-2288 nodejs-lts-erbium 12.22.4-2 High Not affected

AVG-2287 nodejs-lts-fermium 14.17.4-1 High Not affected

AVG-2286 nodejs 16.6.1-1 16.6.2-1 High Not affected

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
https://github.com/nodejs/node/pull/39724
https://github.com/nodejs/node/commit/054537cdc2b24605df829b098660bc486626e88c
https://github.com/nodejs/node/commit/4923b59e0b74dcc34ae0796f647286922da570ec
https://github.com/nodejs/node/commit/5f947db68ce3be4339e27fc68ec81a6956ef065f

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect