PT-2021-2514 · Node.Js+8
Published: 2020-01-24 · Updated: 2024-12-16
CVE-2021-22884
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Node.js versions prior to 10.24.0
Node.js versions prior to 12.21.0
Node.js versions prior to 14.16.0
Node.js versions prior to 15.10.0
Description
The issue is related to the presence of localhost6 in the whitelist, which a remote attacker can exploit to gain access to confidential data, compromise data integrity, and cause a denial of service. If localhost6 is not present in the /etc/hosts file, it is resolved like an ordinary domain name, that is, over DNS, so it can be used to bypass DNS rebinding protection. An attacker who controls the victim's DNS server or can spoof its responses can carry out the attack.
Recommendations
For versions prior to 10.24.0, update to version 10.24.0 or later.
For versions prior to 12.21.0, update to version 12.21.0 or later.
For versions prior to 14.16.0, update to version 14.16.0 or later.
For versions prior to 15.10.0, update to version 15.10.0 or later.
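The condition in the description can be audited on a host. The following is an added example, not code from Node.js or from this advisory: it checks a Host-header allowlist against the contents of a hosts file and reports names that depend on DNS. The allowlist contents, the sample hosts file, the port, and all function names are assumptions made for illustration.

```javascript
// Constructed sample hosts file: defines localhost, but has no localhost6 entry.
const SAMPLE_HOSTS = [
  '127.0.0.1   localhost',
  '::1         ip6-localhost ip6-loopback   # IPv6 loopback aliases',
].join('\n');

// Assumed allowlists for illustration (not copied from Node.js source).
const WEAK = ['localhost', 'localhost6', '127.0.0.1', '[::1]'];
const HARDENED = WEAK.filter((name) => name !== 'localhost6');

// Collect every hostname the hosts file pins to an address.
function pinnedNames(hostsText) {
  const names = new Set();
  for (const raw of hostsText.split('\n')) {
    const fields = raw.split('#')[0].trim().split(/\s+/);
    if (fields.length < 2) continue; // blank, comment-only or address-only line
    for (const name of fields.slice(1)) names.add(name.toLowerCase());
  }
  return names;
}

// Strip the port from a Host header value, keeping a bracketed IPv6 literal intact.
function hostnameOf(hostHeader) {
  const h = hostHeader.trim().toLowerCase();
  if (h.startsWith('[')) return h.slice(0, h.indexOf(']') + 1);
  return h.split(':')[0];
}

// True for dotted IPv4 or bracketed IPv6 literals, which never go through DNS.
function isIpLiteral(name) {
  return /^\[[0-9a-f:.]+\]$/.test(name) || /^\d{1,3}(\.\d{1,3}){3}$/.test(name);
}

// Exact-match allowlist check on the Host header.
function hostAllowed(hostHeader, allowlist) {
  return allowlist.includes(hostnameOf(hostHeader));
}

// Audit: allowlisted names that are neither IP literals nor pinned in the hosts
// file are resolved over DNS, so whoever answers DNS decides where they point.
function dnsDependentNames(allowlist, hostsText) {
  const pinned = pinnedNames(hostsText);
  return allowlist.filter((name) => !isIpLiteral(name) && !pinned.has(name));
}

console.log('DNS-dependent names in WEAK:', dnsDependentNames(WEAK, SAMPLE_HOSTS));
console.log('DNS-dependent names in HARDENED:', dnsDependentNames(HARDENED, SAMPLE_HOSTS));
```

An empty result from `dnsDependentNames` means every allowlisted name is either an IP literal or pinned locally; any name it returns should be removed from the allowlist or pinned in the hosts file.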
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Node.Js
Red Hat
Rocky Linux
Suse
Ubuntu