CVE-2021-22931 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Insufficient validation
Description	Node.js before versions 16.6.2, 14.17.5 and 12.22.5 is vulnerable to remote code execution, cross-site scripting and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which can lead to output of wrong hostnames (leading to domain hijacking) and injection vulnerabilities in applications using the library.

Group	Package	Affected	Fixed	Severity	Status
AVG-2288	nodejs-lts-erbium	12.22.4-2		High	Not affected
AVG-2287	nodejs-lts-fermium	14.17.4-1		High	Not affected
AVG-2286	nodejs	16.6.1-1	16.6.2-1	High	Not affected

References
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931 https://github.com/nodejs/node/pull/39724 https://github.com/nodejs/node/commit/054537cdc2b24605df829b098660bc486626e88c https://github.com/nodejs/node/commit/4923b59e0b74dcc34ae0796f647286922da570ec https://github.com/nodejs/node/commit/5f947db68ce3be4339e27fc68ec81a6956ef065f

References

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
https://github.com/nodejs/node/pull/39724
https://github.com/nodejs/node/commit/054537cdc2b24605df829b098660bc486626e88c
https://github.com/nodejs/node/commit/4923b59e0b74dcc34ae0796f647286922da570ec
https://github.com/nodejs/node/commit/5f947db68ce3be4339e27fc68ec81a6956ef065f