{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43548", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2024-08-03T13:32:59.546Z", "dateReserved": "2022-10-20T00:00:00", "datePublished": "2022-12-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-04-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix."}], "affected": [{"vendor": "n/a", "product": "https://github.com/nodejs/node", "versions": [{"version": "Fixed in 19.0.1, 18.12.1, 16.18.1, 14.21.1", "status": "affected"}]}], "references": [{"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/"}, {"url": "https://security.netapp.com/advisory/ntap-20230120-0004/"}, {"name": "DSA-5326", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5326"}, {"name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "OS Command Injection (CWE-78)", "cweId": "CWE-78"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.546Z"}, "title": "CVE Program Container", "references": [{"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230120-0004/", "tags": ["x_transferred"]}, {"name": "DSA-5326", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5326"}, {"name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230427-0007/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482", "versionEndIncluding": "14.14.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "BE09F669-5369-442E-8B63-BF58FC0CBB22", "versionEndExcluding": "14.21.1", "versionStartIncluding": "14.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA", "versionEndIncluding": "16.12.0", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "matchCriteriaId": "FF081B38-0E73-4066-898D-12C6B6D48913", "versionEndExcluding": "16.18.1", "versionStartIncluding": "16.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "matchCriteriaId": "33DB62F6-9D8D-42F8-A75E-82DA091C02BC", "versionEndIncluding": "18.11.0", "versionStartIncluding": "18.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*", "matchCriteriaId": "7B1F87EE-4E30-4832-BF01-8501E94380EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*", "matchCriteriaId": "F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo en las versiones de Node.js &lt;14.21.1, &lt;16.18.1, &lt;18.12.1, &lt;19.0.1 debido a una verificaci\u00f3n insuficiente de IsAllowedHost que se puede omitir f\u00e1cilmente porque IsIPAddress no lo hace correctamente. verifique si una direcci\u00f3n IP no es v\u00e1lida antes de realizar solicitudes de DBS que permitan volver a vincular ataques. La soluci\u00f3n para este problema en https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 estaba incompleta y esto El nuevo CVE es para completar la soluci\u00f3n."}], "id": "CVE-2022-43548", "lastModified": "2023-04-27T15:15:09.797", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T22:15:10.923", "references": [{"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230120-0004/"}, {"source": "support@hackerone.com", "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5326"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "support@hackerone.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8833", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:18-8070020221118123310.bd1311ed", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-12-06T00:00:00Z"}, {"advisory": "RHSA-2022:9073", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:16-8070020221207164159.bd1311ed", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-12-15T00:00:00Z"}, {"advisory": "RHSA-2023:0050", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:14-8070020221212161539.bd1311ed", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-01-09T00:00:00Z"}, {"advisory": "RHSA-2023:1533", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "nodejs:14-8040020230306170312.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-30T00:00:00Z"}, {"advisory": "RHSA-2023:1742", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "nodejs:14-8060020230306170237.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-04-12T00:00:00Z"}, {"advisory": "RHSA-2022:8832", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nodejs:18-9010020221118120946.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:0321", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "nodejs-1:16.18.1-3.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-01-23T00:00:00Z"}, {"advisory": "RHSA-2023:0612", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs14-nodejs-0:14.21.1-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-02-06T00:00:00Z"}, {"advisory": "RHSA-2023:0612", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-02-06T00:00:00Z"}], "bugzilla": {"description": "nodejs: DNS rebinding in inspect via invalid octal IP address", "id": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-350", "details": ["A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.", "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code."], "name": "CVE-2022-43548", "public_date": "2022-11-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-43548\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-43548\nhttps://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548"], "threat_severity": "Moderate"}