Security Advisory

CVE-2022-32212

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-14 00:00:00

Last updated 2025-04-30 22:24:44

Assigner hackerone

State PUBLISHED

Description

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

← Browse all CVEs View on cve.org ↗