PT-2021-6615 · Node.Js+6
Published 2021-08-12 · Updated 2026-05-18
CVE-2021-22931
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Node.js versions prior to 16.6.0
Node.js versions prior to 14.17.4
Node.js versions prior to 12.22.4
Description
The Node.js dns library does not properly validate hostnames returned by Domain Name Servers. As a result, the library can output wrong hostnames, which leads to domain hijacking and injection vulnerabilities in applications that use it. A remote attacker can exploit the vulnerability to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability is associated with incorrect handling of unusual characters in domain names.
Recommendations
For versions prior to 16.6.0, update to version 16.6.0 or later.
For versions prior to 14.17.4, update to version 14.17.4 or later.
For versions prior to 12.22.4, update to version 12.22.4 or later.
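An added example, not code from the advisory or from the Node.js project: it checks whether a runtime version is at or above the fixed releases listed above, and applies a strict letters-digits-hyphen check to names returned by the resolver before an application uses them. The function names, the mapping of fixed versions to major release lines, and the sample names are assumptions made for this example.

```javascript
// Added example; function names are hypothetical, sample data is constructed.

// Fixed releases from the advisory, keyed by major line (assumed mapping).
const FIXED = { 12: [12, 22, 4], 14: [14, 17, 4], 16: [16, 6, 0] };

// True when `version` (e.g. process.versions.node) is at or above the fixed
// release for its major line. Majors not listed count as patched only when
// they are newer than 16 (assumption: later lines carry the fix).
function isPatched(version) {
  const parts = version.split('.').map(Number);
  const fixed = FIXED[parts[0]];
  if (!fixed) return parts[0] > 16;
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== fixed[i]) return parts[i] > fixed[i];
  }
  return true;
}

// One DNS label: letters, digits, hyphen; 1 to 63 chars; no leading or
// trailing hyphen. Anything else is treated as an unusual character.
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

// Validate a name handed back by the resolver (dns.reverse, resolveCname, ...)
// before it reaches a log line, template, header or command.
function isSafeHostname(name) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 253) {
    return false;
  }
  const labels = name.replace(/\.$/, '').split('.'); // allow one trailing dot
  return labels.every((label) => LABEL.test(label));
}

// Split resolver output into names that are safe to use and names to drop.
function filterResolved(names) {
  const accepted = [];
  const rejected = [];
  for (const n of names) (isSafeHostname(n) ? accepted : rejected).push(n);
  return { accepted, rejected };
}

// Constructed sample of resolver output, not captured from a real server.
const SAMPLE = ['mail.example.com', 'a b.example.com', 'bad"name.example',
  'host.example.com\n', '-lead.example.com', 'ns1.example.org.'];

console.log('runtime patched:', isPatched(process.versions.node));
console.log(filterResolved(SAMPLE));
```

The hostname check is defense in depth for applications that consume resolver output; the advisory's remediation remains the version update.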
Exploit
Fix
RCE
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Node.Js
Red Hat
Rocky Linux
Suse