CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html	Mailing List Third Party Advisory
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/	Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20230120-0004/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20230427-0007/
https://www.debian.org/security/2023/dsa-5326	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:18.12.0::::lts:::
	cpe:2.3:a:nodejs:node.js:19.0.0::::-:::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

History

No history.

Information

Published : 2022-12-05 22:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-43548

Mitre link : CVE-2022-43548

CVE.ORG link : CVE-2022-43548

JSON object : View

Products Affected

nodejs

node.js

debian

debian_linux

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-43548", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2022-12-05T22:15:10.923", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/", "tags": ["Patch", "Vendor Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230120-0004/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230427-0007/", "source": "support@hackerone.com"}, {"url": "https://www.debian.org/security/2023/dsa-5326", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo en las versiones de Node.js <14.21.1, <16.18.1, <18.12.1, <19.0.1 debido a una verificaci\u00f3n insuficiente de IsAllowedHost que se puede omitir f\u00e1cilmente porque IsIPAddress no lo hace correctamente. verifique si una direcci\u00f3n IP no es v\u00e1lida antes de realizar solicitudes de DBS que permitan volver a vincular ataques. La soluci\u00f3n para este problema en https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 estaba incompleta y esto El nuevo CVE es para completar la soluci\u00f3n."}], "lastModified": "2023-04-27T15:15:09.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482", "versionEndIncluding": "14.14.0", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "BE09F669-5369-442E-8B63-BF58FC0CBB22", "versionEndExcluding": "14.21.1", "versionStartIncluding": "14.15.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA", "versionEndIncluding": "16.12.0", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "FF081B38-0E73-4066-898D-12C6B6D48913", "versionEndExcluding": "16.18.1", "versionStartIncluding": "16.13.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "33DB62F6-9D8D-42F8-A75E-82DA091C02BC", "versionEndIncluding": "18.11.0", "versionStartIncluding": "18.0.0"}, {"criteria": "cpe:2.3:a:nodejs:node.js:18.12.0:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "7B1F87EE-4E30-4832-BF01-8501E94380EE"}, {"criteria": "cpe:2.3:a:nodejs:node.js:19.0.0:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F568BBC5-0D8E-499C-9F3E-DDCE5F10F9D5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}