CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 1CVE-2023-23936 – CRLF Injection in Nodejs ‘undici’ via host
https://notcve.org/view.php?id=CVE-2023-23936
16 Feb 2023 — Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici. A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. • https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-43548 – nodejs: DNS rebinding in inspect via invalid octal IP address
https://notcve.org/view.php?id=CVE-2022-43548
05 Dec 2022 — A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. Existe una vulnerabilidad de inyección de comandos del Sistema Operat... • https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVSS: 7.8EPSS: 15%CPEs: 6EXPL: 2CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3786
01 Nov 2022 — A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on t... • https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 84%CPEs: 9EXPL: 8CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow
https://notcve.org/view.php?id=CVE-2022-3602
01 Nov 2022 — A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash... • https://github.com/colmmacc/CVE-2022-3602 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 1%CPEs: 9EXPL: 1CVE-2022-35255 – nodejs: weak randomness in WebCrypto keygen
https://notcve.org/view.php?id=CVE-2022-35255
18 Oct 2022 — A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. Existe una aleatoriedad débil en la vulnerabilidad k... • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.5EPSS: 3%CPEs: 11EXPL: 1CVE-2022-35256 – nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
https://notcve.org/view.php?id=CVE-2022-35256
18 Oct 2022 — The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. El analizador llhttp en el módulo http en Node v18.7.0 no maneja correctamente los campos de encabezado que no terminan con CLRF. Esto puede resultar en tráfico ilegal de solicitudes HTTP. A vulnerability was found in NodeJS due to improper validation of HTTP requests. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36046 – Unexpected server crash in Next.js version 12.2.3
https://notcve.org/view.php?id=CVE-2022-36046
31 Aug 2022 — Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across r... • https://github.com/vercel/next.js/releases/tag/v12.2.4 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.3EPSS: 6%CPEs: 6EXPL: 1CVE-2022-32223
https://notcve.org/view.php?id=CVE-2022-32223
14 Jul 2022 — Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.I... • https://github.com/ianyong/cve-2022-32223 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-32212 – nodejs: DNS rebinding in --inspect via invalid IP addresses
https://notcve.org/view.php?id=CVE-2022-32212
14 Jul 2022 — A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. Se presenta una vulnerabilidad de inyección de comandos en el Sistema Operativo en Node.js versiones anteriores a 14.20.0, anteriores a 16.16.0, anteriores a 18.5.0, debido a una comprobación insuficiente de IsAllowedHost ... • https://hackerone.com/reports/1632921 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-284: Improper Access Control CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 89%CPEs: 15EXPL: 1CVE-2022-32213 – nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
https://notcve.org/view.php?id=CVE-2022-32213
14 Jul 2022 — The llhttp parser