CVE-2021-22884

nodejs: DNS rebinding in --inspect

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.

Node.js versiones anteriores a 10.24.0, 12.21.0, 14.16.0 y 15.10.0, es vulnerable a unos ataques de reenlace de DNS, ya que la lista blanca incluye “localhost6”. Cuando “localhost6” no está presente en el archivo /etc/hosts, es solo un dominio ordinario que es resuelto por medio de DNS, es decir, a través de la red. Si el atacante controla el servidor DNS de la víctima o puede falsificar sus respuestas, la protección de reenlace de DNS se puede omitir usando el dominio "localhost6". Siempre que el atacante use el dominio "localhost6", aún puede aplicar el ataque descrito en el CVE-2018-7160

A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-06 CVE Reserved
2021-02-28 CVE Published
2023-11-17 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action

CAPEC

References (14)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20210416-0001	Third Party Advisory
https://security.netapp.com/advisory/ntap-20210723-0001	Third Party Advisory

URL	Date	SRC
https://hackerone.com/reports/1069487	2024-08-03

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	2023-11-07
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases	2023-11-07
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/#node-js-inspector-dns-rebinding-vulnerability-cve-2018-7160	2023-11-07
https://www.oracle.com//security-alerts/cpujul2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpuApr2021.html	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2021.html	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ	2023-11-07
https://access.redhat.com/security/cve/CVE-2021-22884	2021-03-15
https://bugzilla.redhat.com/show_bug.cgi?id=1932024	2021-03-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 10.0.0 < 10.24.0 Search vendor "Nodejs" for product "Node.js" and version " >= 10.0.0 < 10.24.0"		lts		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 12.0.0 < 12.21.0 Search vendor "Nodejs" for product "Node.js" and version " >= 12.0.0 < 12.21.0"		lts		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 14.0.0 < 14.16.0 Search vendor "Nodejs" for product "Node.js" and version " >= 14.0.0 < 14.16.0"		lts		Affected
Nodejs Search vendor "Nodejs"		Node.js Search vendor "Nodejs" for product "Node.js"				>= 15.0.0 < 15.10.0 Search vendor "Nodejs" for product "Node.js" and version " >= 15.0.0 < 15.10.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		windows		Affected
Netapp Search vendor "Netapp"		E-series Performance Analyzer Search vendor "Netapp" for product "E-series Performance Analyzer"				-		-		Affected
Netapp Search vendor "Netapp"		Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight"				-		-		Affected
Netapp Search vendor "Netapp"		Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation"				-		-		Affected
Netapp Search vendor "Netapp"		Snapcenter Search vendor "Netapp" for product "Snapcenter"				-		-		Affected
Oracle Search vendor "Oracle"		Graalvm Search vendor "Oracle" for product "Graalvm"				19.3.5 Search vendor "Oracle" for product "Graalvm" and version "19.3.5"		enterprise		Affected
Oracle Search vendor "Oracle"		Graalvm Search vendor "Oracle" for product "Graalvm"				20.3.1.2 Search vendor "Oracle" for product "Graalvm" and version "20.3.1.2"		enterprise		Affected
Oracle Search vendor "Oracle"		Graalvm Search vendor "Oracle" for product "Graalvm"				21.0.0.2 Search vendor "Oracle" for product "Graalvm" and version "21.0.0.2"		enterprise		Affected
Oracle Search vendor "Oracle"		Jd Edwards Enterpriseone Tools Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"				< 9.2.6.0 Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version " < 9.2.6.0"		-		Affected
Oracle Search vendor "Oracle"		Mysql Cluster Search vendor "Oracle" for product "Mysql Cluster"				<= 8.0.25 Search vendor "Oracle" for product "Mysql Cluster" and version " <= 8.0.25"		-		Affected
Oracle Search vendor "Oracle"		Nosql Database Search vendor "Oracle" for product "Nosql Database"				< 20.3 Search vendor "Oracle" for product "Nosql Database" and version " < 20.3"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.58 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.59 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.59"		-		Affected
Siemens Search vendor "Siemens"		Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services"				< 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1"		-		Affected