CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 1CVE-2022-35255 – nodejs: weak randomness in WebCrypto keygen
https://notcve.org/view.php?id=CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. Existe una aleatoriedad débil en la vulnerabilidad keygen de WebCrypto en Node.js 18 debido a un cambio con EntropySource() en SecretKeyGenTraits::DoKeyGen() en src/crypto/crypto_keygen.cc. Hay dos problemas con esto: 1) No verifica el valor de retorno, asume que EntropySource() siempre tiene éxito, pero puede (y a veces fallará). 2) Los datos aleatorios devueltos por EntropySource() pueden no ser criptográficamente sólidos y, por lo tanto, no son adecuados como material de claves. A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://hackerone.com/reports/1690000 https://security.netapp.com/advisory/ntap-20230113-0002 https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-35255 https://bugzilla.redhat.com/show_bug.cgi?id=2130517 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-35256 – nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
https://notcve.org/view.php?id=CVE-2022-35256
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. El analizador llhttp en el módulo http en Node v18.7.0 no maneja correctamente los campos de encabezado que no terminan con CLRF. Esto puede resultar en tráfico ilegal de solicitudes HTTP. A vulnerability was found in NodeJS due to improper validation of HTTP requests. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://hackerone.com/reports/1675191 https://www.debian.org/security/2023/dsa-5326 https://access.redhat.com/security/cve/CVE-2022-35256 https://bugzilla.redhat.com/show_bug.cgi?id=2130518 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32223
https://notcve.org/view.php?id=CVE-2022-32223
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. Node.js es vulnerable a un Flujo de Ejecución de Secuestro: Secuestro de DLL bajo determinadas condiciones en plataformas Windows. Esta vulnerabilidad puede ser explotada si la víctima presenta las siguientes dependencias en una máquina Windows:* OpenSSL ha sido instalada y "C:\Program Files\Common Files\SSL\openssl.cnf" se presenta. Siempre que sean dadas las condiciones anteriores, "node.exe" buscará "providers.dll" en el directorio actual del usuario. Después, "node.exe" intentará buscar "providers.dll" mediante el orden de búsqueda de DLL en Windows. • https://hackerone.com/reports/1447455 https://nodejs.org/en/blog/vulnerability/july-2022-security-releases https://security.netapp.com/advisory/ntap-20220915-0001 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2022-32222
https://notcve.org/view.php?id=CVE-2022-32222
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. Se presenta una vulnerabilidad criptográfica en Node.js en linux en versiones 18.x anteriores a 18.40.0, que permitía una ruta por defecto para openssl.cnf que podría ser accesible en algunas circunstancias para un usuario no administrador en lugar de /etc/ssl como era el caso en las versiones anteriores a la actualización a OpenSSL 3 • https://hackerone.com/reports/1695596 • CWE-310: Cryptographic Issues CWE-427: Uncontrolled Search Path Element •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-32212 – nodejs: DNS rebinding in --inspect via invalid IP addresses
https://notcve.org/view.php?id=CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. Se presenta una vulnerabilidad de inyección de comandos en el Sistema Operativo en Node.js versiones anteriores a 14.20.0, anteriores a 16.16.0, anteriores a 18.5.0, debido a una comprobación insuficiente de IsAllowedHost que puede ser fácilmente omitida porque IsIPAddress no comprueba correctamente si una dirección IP no es válida antes de realizar peticiones DBS permitiendo ataques de reenganche. A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance, 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server. This issue provides a vector for an attacker-controlled DNS server or a Man-in-the-middle attack (MITM) who can spoof DNS responses to perform a rebinding attack and then connect to the WebSocket debugger allowing for arbitrary code execution on the target system. • https://hackerone.com/reports/1632921 https://access.redhat.com/security/cve/CVE-2022-32212 https://bugzilla.redhat.com/show_bug.cgi?id=2105422 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-284: Improper Access Control CWE-703: Improper Check or Handling of Exceptional Conditions •