N/A

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Node.js 操作系统命令注入漏洞

Node.js是一个开源、跨平台的 JavaScript 运行时环境。 Node.js Core存在安全漏洞。攻击者利用该漏洞通过DNS Rebinding绕过对Node Core数据的访问限制，以读取敏感信息。

N/A

N/A