Vulnetix
Try Vulnetix Request Demo
CVE-2021-22931 PUBLISHED CVSS 9.300000190734863 CRITICAL

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

EPSS 0.66% · 71.0th percentile

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.66%
71.0th percentile

Affected Products

VendorProductVersions
Bitnaminode12.13.0, 14.0.0, 16.0.0
Bitnaminode12.13.0, 12.0.0, 14.0.0
Bitnaminode-min12.0.0, 14.0.0, 16.0.0
Bitnaminode-min12.0.0, 12.13.0, 14.0.0

Timeline

References

Open in Interactive Console →