Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames (leading to domain hijacking) and injection vulnerabilities in applications using the library.
Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames (leading to domain hijacking) and injection vulnerabilities in applications using the library.
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931 https://github.com/nodejs/node/pull/39724 https://github.com/nodejs/node/commit/054537cdc2b24605df829b098660bc486626e88c https://github.com/nodejs/node/commit/4923b59e0b74dcc34ae0796f647286922da570ec https://github.com/nodejs/node/commit/5f947db68ce3be4339e27fc68ec81a6956ef065f