1. Home
  2. Vulnerabilities
  3. CVE-2021-22931

CVE-2021-22931

CVSS v3.1 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 3.02 % (91th)
3.02% Progress
Affected Products 10
Advisories 25
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

Weaknesses
CWE-170
Improper Null Termination
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
HackerOne
Published Date
2021-08-16 19:15:13
(3 years ago)
Updated Date
2024-01-05 10:15:09
(8 months ago)

Affected Products

Netapp

Nodejs

Oracle

Siemens

Configuration #1

    CPE23 From Up To
  Nodejs Node.js from 12.0.0 version and 12.12.0 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 12.0.0 <= 12.12.0
  Nodejs Node.js from 12.13.0 version and prior 12.22.5 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 12.13.0 < 12.22.5
  Nodejs Node.js from 14.0.0 version and 14.14.0 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 14.0.0 <= 14.14.0
  Nodejs Node.js from 14.15.0 version and prior 14.17.5 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 14.15.0 < 14.17.5
  Nodejs Node.js from 16.0.0 version and prior 16.6.2 version cpe:2.3:a:nodejs:node.js::*:*:*:- >= 16.0.0 < 16.6.2

Configuration #2

    CPE23 From Up To
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  Netapp Active Iq Unified Manager for Windows cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows
  Netapp Nextgen Api cpe:2.3:a:netapp:nextgen_api:-
  Netapp Oncommand Insight cpe:2.3:a:netapp:oncommand_insight:-
  Netapp Oncommand Workflow Automation cpe:2.3:a:netapp:oncommand_workflow_automation:-
  Netapp Snapcenter cpe:2.3:a:netapp:snapcenter:-

Configuration #3

    CPE23 From Up To
  Oracle Graalvm 20.3.3 cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise
  Oracle Graalvm 21.2.0 cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise
  Oracle Mysql Cluster 8.0.26 and prior versions cpe:2.3:a:oracle:mysql_cluster <= 8.0.26
  Oracle Peoplesoft Enterprise Peopletools 8.57 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
  Oracle Peoplesoft Enterprise Peopletools 8.58 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
  Oracle Peoplesoft Enterprise Peopletools 8.59 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59

Configuration #4

    CPE23 From Up To
  Siemens Sinec Infrastructure Network Services prior 1.0.1.1 version cpe:2.3:a:siemens:sinec_infrastructure_network_services < 1.0.1.1