Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-32223

Published: 14/07/2022 Updated: 28/10/2022
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 0
Subscribe to Node.js

Vulnerability Summary

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an malicious user to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

nodejs node.js

Vendor Advisories

Amazon Linux 2022: ALAS-2023-286
ALAS-2023-286 Amazon Linux 2022 Security Advisory: ALAS-2023-286 Advisory Release Date: 2023-01-31 21:11 Pacific Advisory Updated Date: 2023-01-31 21:11 Pac ...

Github Repositories

https://github.com/kannkyo/nvd-api

NVD API 2.0 for python

NVD API Client NVD API client is a community driven NVD API 20 client This client support Vulnerabilities API and Products API Getting Start Products / CPE API This API's simple example is bellow from client import NvdApiClient from pprint import pprint client = NvdApiClient() response = clientget_cpes( cpe_name_id="87316812-5F2C-4286-94FE-CC98B9

References

CWE-427https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/https://hackerone.com/reports/1447455https://security.netapp.com/advisory/ntap-20220915-0001/https://nvd.nist.govhttps://github.com/kannkyo/nvd-apihttps://alas.aws.amazon.com/AL2022/ALAS-2023-286.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook