CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-22931

CVSS 9.8v3.1pub. 2021-08-16upd. 2024-11-21

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Nextgen Api

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Workflow Automation

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Node.js

    APP
    Nodejs
    12.0.0 – 12.12.012.13.0 – 12.22.5 (bez)14.0.0 – 14.14.014.15.0 – 14.17.5 (bez)16.0.0 – 16.6.2 (bez)
  • Oracle Graalvm

    APP
    Oracle
    20.3.321.2.0
  • Oracle MySQL Cluster

    APP
    Oracle
    ≤ 8.0.26
  • Oracle Peoplesoft Enterprise Peopletools

    APP
    Oracle
    8.578.588.59
  • Siemens Sinec Infrastructure Network Services

    APP
    Siemens
    < 1.0.1.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEXSS
CWE
References

Related vulnerabilities

CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2019-2725CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services)...

CVE-2016-8735CRITICAL9.8⚠ KEVten sam produkt

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...