CVE-2022-43548

Summary

CVE: CVE-2022-43548
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-12-05 22:15:00 UTC
Updated: 2023-04-27 15:15:00 UTC
Description: An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.

Risk And Classification

Problem Types: CWE-78

NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | 18.12.0 | All | All | All |
| Application | Nodejs | Node.js | 19.0.0 | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |
| Application | Nodejs | Node.js | All | All | All | All |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| Nov 3 2022 Security Releases \| Node.js | MISC | nodejs.org | |
| April 2023 MySQL Server Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| Debian -- Security Information -- DSA-5326-1 nodejs | DEBIAN | www.debian.org | |
| CVE-2022-43548 Node.js Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] [DLA 3344-1] nodejs security update | MLIST | lists.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

Legacy QID Mappings

  • 160347 Oracle Enterprise Linux Security Update for nodejs:18 (ELSA-2022-8833)
  • 160348 Oracle Enterprise Linux Security Update for 18 (ELSA-2022-8832)
  • 160361 Oracle Enterprise Linux Security Update for nodejs:16 (ELSA-2022-9073-1)
  • 160373 Oracle Enterprise Linux Security Update for nodejs:14 (ELSA-2023-0050)
  • 160410 Oracle Enterprise Linux Security Update for nodejs and nodejs-nodemon (ELSA-2023-0321)
  • 181502 Debian Security Update for nodejs (DSA 5326-1)
  • 181612 Debian Security Update for nodejs (DLA 3344-1)
  • 182150 Debian Security Update for nodejs (CVE-2022-43548)
  • 199926 Ubuntu Security Notification for Node.js Vulnerabilities (USN-6491-1)
  • 240966 Red Hat Update for nodejs:18 security (RHSA-2022:8832)
  • 240967 Red Hat Update for nodejs:18 security (RHSA-2022:8833)
  • 241026 Red Hat Update for nodejs:16 security (RHSA-2022:9073)
  • 241041 Red Hat Update for nodejs:14 security (RHSA-2023:0050)
  • 241117 Red Hat Update for nodejs and nodejs-nodemon security (RHSA-2023:0321)
  • 241160 Red Hat Update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2023:0612)
  • 241304 Red Hat Update for nodejs:14 security (RHSA-2023:1533)
  • 241341 Red Hat Update for nodejs:14 security (RHSA-2023:1742)
  • 296098 Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)
  • 355273 Amazon Linux Security Advisory for nodejs : ALAS2023-2023-084
  • 377881 Node.js Multiple Vulnerabilities (November 2022)
  • 378045 Alibaba Cloud Linux Security Update for nodejs:14 (ALINUX3-SA-2023:0026)
  • 502747 Alpine Linux Security Update for nodejs
  • 752843 SUSE Enterprise Linux Security Update for nodejs16 (SUSE-SU-2022:4084-1)
  • 752846 SUSE Enterprise Linux Security Update for nodejs14 (SUSE-SU-2022:4255-1)
  • 752920 SUSE Enterprise Linux Security Update for nodejs16 (SUSE-SU-2022:4003-1)
  • 752929 SUSE Enterprise Linux Security Update for nodejs12 (SUSE-SU-2022:4254-1)
  • 752966 SUSE Enterprise Linux Security Update for nodejs10 (SUSE-SU-2022:4301-1)
  • 753698 SUSE Enterprise Linux Security Update for nodejs18 (SUSE-SU-2023:0419-1)
  • 904628 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (11579)
  • 904639 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (11577)
  • 904716 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (11577-1)
  • 904742 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (11579-1)
  • 940854 AlmaLinux Security Update for nodejs:18 (ALSA-2022:8832)
  • 940855 AlmaLinux Security Update for nodejs:18 (ALSA-2022:8833)
  • 940856 AlmaLinux Security Update for nodejs:18 (ALSA-2022:8833)
  • 940857 AlmaLinux Security Update for nodejs:18 (ALSA-2022:8833)
  • 940859 AlmaLinux Security Update for nodejs:16 (ALSA-2022:9073)
  • 940865 AlmaLinux Security Update for nodejs:14 (ALSA-2023:0050)
  • 940906 AlmaLinux Security Update for nodejs and nodejs-nodemon (ALSA-2023:0321)
  • 960517 Rocky Linux Security Update for nodejs and nodejs-nodemon (RLSA-2023:0321)
  • 960640 Rocky Linux Security Update for nodejs:18 (RLSA-2022:8832)
  • 960645 Rocky Linux Security Update for nodejs:14 (RLSA-2023:0050)
  • 960646 Rocky Linux Security Update for nodejs:18 (RLSA-2022:8833)