CVE-2021-22931
Description
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to remote code execution, XSS, and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js dns library. This can lead to the output of wrong hostnames (leading to domain hijacking) and to injection vulnerabilities in applications using the library.
Risk Information
Base Score: 9.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability: 0.713
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 12 (x64) (12.22.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 12 (12.22.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 14 (x64) (14.17.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 14 (14.17.5) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 16 (x64) (16.6.2) | Windows |
| Vulnerabilities CVE-2021-22931,CVE-2021-22940,CVE-2021-22930,CVE-2021-22939 are fixed in Node.js 16 (16.6.2) | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Multiple Vulnerabilities are affected in MySQL Cluster 8.0.26 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0 | Windows |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-debugsource-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-devel-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-docs-12.22.5-1.module+el8.4.0+12242+af52a4c7.noarch.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-full-i18n-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623) nodejs:12 security and bug fix update npm-6.14.14-1.12.22.5.1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3623) nodejs-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3623) nodejs-devel-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3623) nodejs-docs-12.22.5-1.module+el8.4.0+20308+065a70e3.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3623) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3623) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Npm update (ELSA-2021-3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-debugsource-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-devel-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-docs-14.17.5-1.module+el8.4.0+12247+e2879e58.noarch.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-full-i18n-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| (RHSA-2021:3666) nodejs:14 security and bug fix update npm-6.14.14-1.14.17.5.1.module+el8.4.0+12247+e2879e58.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3666) nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3666) nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3666) nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3666) nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3666) nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3666) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Npm update (ELSA-2021-3666) npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+647+e905fa21.x86_64.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-1.13.0-6.el8.i686.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-1.13.0-6.el8.x86_64.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-12.22.5-1.module+el8.4.0+647+e905fa21.x86_64.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-docs-12.22.5-1.module+el8.4.0+647+e905fa21.noarch.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-devel-1.13.0-6.el8.i686.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-devel-1.13.0-6.el8.x86_64.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-devel-12.22.5-1.module+el8.4.0+647+e905fa21.x86_64.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+647+e905fa21.x86_64.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-packaging-23-3.module+el8.5.0+733+de4fee6c.noarch.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-debuginfo-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm | Linux |
| (RHSA-2021:3623)Important: security and bug fix update nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | Linux |
| Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.3.0+2023+d2377ea3.noarch.rpm | Linux |
| Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.4.0+2521+c668cc9f.noarch.rpm | Linux |
| Important: nodejs:14 security and bug fix update nodejs-nodemon-2.0.3-1.module_el8.4.0+2521+c668cc9f.noarch.rpm | Linux |
| nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-packaging-23-3.module+el8.7.0+1071+4bdda2a8.noarch.rpm | Linux |
| nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| Npm update (ELSA-2025-8514) npm-10.8.2-1.20.19.2.1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-packaging-bundler update (ELSA-2025-8514) nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2025-8514) nodejs-packaging-2021.06-4.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-nodemon update (ELSA-2025-8514) nodejs-nodemon-3.0.1-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2025-8514) nodejs-full-i18n-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2025-8514) nodejs-docs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.noarch.rpm | Linux |
| Nodejs-devel update (ELSA-2025-8514) nodejs-devel-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Nodejs update (ELSA-2025-8514) nodejs-20.19.2-1.module+el8.10.0+90611+29f3ae1e.x86_64.rpm | Linux |
| Improper Input Validation Vulnerability (CVE-2021-22931) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-320970 | Node.js 16 (x64) (16.6.2) |
| PATCH-320971 | Node.js 16 (16.6.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234