Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Nextgen Api
APPNetappwszystkie wersjeNetapp Oncommand Insight
APPNetappwszystkie wersjeNetapp Oncommand Workflow Automation
APPNetappwszystkie wersjeNetapp Snapcenter
APPNetappwszystkie wersjeNode.js
APPNodejs12.0.0 – 12.12.012.13.0 – 12.22.5 (bez)14.0.0 – 14.14.014.15.0 – 14.17.5 (bez)16.0.0 – 16.6.2 (bez)Oracle Graalvm
APPOracle20.3.321.2.0Oracle MySQL Cluster
APPOracle≤ 8.0.26Oracle Peoplesoft Enterprise Peopletools
APPOracle8.578.588.59Siemens Sinec Infrastructure Network Services
APPSiemens< 1.0.1.1
Related vulnerabilities
Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services)...
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...