Node.js prior to 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nodejs node.js |
||
netapp snapcenter - |
||
netapp oncommand workflow automation - |
||
netapp oncommand insight - |
||
netapp active iq unified manager - |
||
netapp nextgen api - |
||
oracle peoplesoft enterprise peopletools 8.57 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
oracle graalvm 20.3.3 |
||
oracle graalvm 21.2.0 |
||
oracle mysql cluster |
||
siemens sinec infrastructure network services |