An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check. The check can easily be bypassed because IsIPAddress does not properly check whether an IP address is invalid before DNS requests are made, which allows rebinding attacks.
| Software | From | Fixed in |
|---|---|---|
| nodejs / node.js | 18.0.0 | 18.5.0 |
| nodejs / node.js | 14.0.0 | 14.14.0.x |
| nodejs / node.js | 16.0.0 | 16.12.0.x |
| nodejs / node.js | 14.15.0 | 14.20.1 |
| nodejs / node.js | 16.13.0 | 16.17.1 |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| fedoraproject / fedora | 35 | 35.x |
| fedoraproject / fedora | 36 | 36.x |
| fedoraproject / fedora | 37 | 37.x |
| siemens / sinec_ins | 1.0-sp1 | 1.0-sp1.x |
| siemens / sinec_ins | - | 1.0 |
| siemens / sinec_ins | 1.0 | 1.0.x |
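
The description above turns on a host check that accepts strings that only look like IP addresses. The following is an added example, not Node.js's own code: a strict Host-header check in which `hostFromHeader`, `isAllowedHost`, the `localhost`-only name policy and the sample values are all assumptions made for illustration.

```javascript
const net = require('net');

// Names accepted without being IP literals (assumed policy for this example).
const LOCAL_NAMES = new Set(['localhost']);

// Split a Host header value into host and optional port.
// Returns null when the value is malformed or the port is out of range.
function hostFromHeader(value) {
  if (typeof value !== 'string' || value.length === 0) return null;
  // Bracketed IPv6 literal, e.g. [::1] or [::1]:9229
  let m = /^\[([^\]]+)\](?::(\d{1,5}))?$/.exec(value);
  let bracketed = true;
  if (!m) {
    // Hostname or IPv4 literal, e.g. 127.0.0.1:9229
    m = /^([^:\s\/\[\]]+)(?::(\d{1,5}))?$/.exec(value);
    bracketed = false;
  }
  if (!m) return null;
  if (m[2] !== undefined && Number(m[2]) > 65535) return null;
  return { host: m[1], bracketed };
}

// Accept only a well-formed IP literal or an explicitly listed local name.
// Anything else is a name a resolver would look up, so it is refused.
function isAllowedHost(value) {
  const parsed = hostFromHeader(value);
  if (parsed === null) return false;
  if (parsed.bracketed) return net.isIPv6(parsed.host);
  if (LOCAL_NAMES.has(parsed.host.toLowerCase())) return true;
  // net.isIPv4 requires exactly four decimal octets, each in 0-255,
  // so dotted strings with out-of-range or missing octets are rejected.
  return net.isIPv4(parsed.host);
}

// Constructed sample Host values, not taken from any real capture.
const SAMPLES = [
  '127.0.0.1:9229',        // valid IPv4 literal
  '[::1]:9229',            // valid IPv6 literal
  'localhost:9229',        // listed local name
  '10.0.2.555:9229',       // dotted digits, but not a valid address
  '127.1:9229',            // shorthand form, not four octets
  'rebind.example.test',   // ordinary DNS name
];

function classify(samples) {
  return samples.map((s) => [s, isAllowedHost(s)]);
}
```
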