CVE-2022-32212 vulnerability in nodejs and Other Products
Published on July 14, 2022
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2022-32212 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2022-32212
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-32212 are published in these products:
Affected Versions
NodeJS Node:- Version 4.0 and below 4.* is affected.
- Version 5.0 and below 5.* is affected.
- Version 6.0 and below 6.* is affected.
- Version 7.0 and below 7.* is affected.
- Version 8.0 and below 8.* is affected.
- Version 9.0 and below 9.* is affected.
- Version 10.0 and below 10.* is affected.
- Version 11.0 and below 11.* is affected.
- Version 12.0 and below 12.* is affected.
- Version 13.0 and below 13.* is affected.
- Version 14.0 and below 14.20.1 is affected.
- Version 15.0 and below 15.* is affected.
- Version 16.0 and below 16.17.1 is affected.
- Version 17.0 and below 17.* is affected.
- Version 18.0 and below 18.9.1 is affected.
Exploit Probability
EPSS
0.06%
Percentile
19.63%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.