Oval Definition:oval:org.opensuse.security:def:202232212
Revision Date:2023-04-04Version:1
Title:CVE-2022-32212
Description:

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-32212
SUSE CVE-2022-32212
SUSE-CU-2022:1550-1
SUSE-CU-2022:1575-1
SUSE-CU-2022:1605-1
SUSE-SU-2022:2415-1
SUSE-SU-2022:2416-1
SUSE-SU-2022:2417-1
SUSE-SU-2022:2425-1
SUSE-SU-2022:2430-1
SUSE-SU-2022:2491-1
SUSE-SU-2022:2551-1
SUSE-SU-2022:2855-1
SUSE-SU-2023:0408-1
SUSE-SU-2023:0419-1
Platform(s):openSUSE Leap 15.5
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise Module for Web Scripting 15 SP4
SUSE Linux Enterprise Server 15 SP2-BCL
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
Product(s):
Definition Synopsis
  • openSUSE Leap 15.5 is installed
  • AND Package Information
  • corepack18-18.13.0-150400.9.3.1 is installed
  • AND corepack18 is signed with openSUSE key
  • OR
  • nodejs18-18.13.0-150400.9.3.1 is installed
  • AND nodejs18 is signed with openSUSE key
  • OR
  • nodejs18-devel-18.13.0-150400.9.3.1 is installed
  • AND nodejs18-devel is signed with openSUSE key
  • OR
  • nodejs18-docs-18.13.0-150400.9.3.1 is installed
  • AND nodejs18-docs is signed with openSUSE key
  • OR
  • npm18-18.13.0-150400.9.3.1 is installed
  • AND npm18 is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Web Scripting 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND Package Information
  • nodejs16-16.16.0-150400.3.3.2 is installed
  • OR nodejs16-devel-16.16.0-150400.3.3.2 is installed
  • OR nodejs16-docs-16.16.0-150400.3.3.2 is installed
  • OR npm16-16.16.0-150400.3.3.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS is installed
  • AND
  • nodejs10-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-devel-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-docs-10.24.1-150000.1.47.1 is installed
  • OR nodejs12-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-devel-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-docs-12.22.12-150200.4.35.1 is installed
  • OR nodejs14-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-devel-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-docs-14.20.0-150200.15.34.1 is installed
  • OR npm10-10.24.1-150000.1.47.1 is installed
  • OR npm12-12.22.12-150200.4.35.1 is installed
  • OR npm14-14.20.0-150200.15.34.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP2-LTSS is installed
  • AND
  • nodejs10-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-devel-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-docs-10.24.1-150000.1.47.1 is installed
  • OR nodejs12-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-devel-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-docs-12.22.12-150200.4.35.1 is installed
  • OR nodejs14-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-devel-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-docs-14.20.0-150200.15.34.1 is installed
  • OR npm10-10.24.1-150000.1.47.1 is installed
  • OR npm12-12.22.12-150200.4.35.1 is installed
  • OR npm14-14.20.0-150200.15.34.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP2-BCL is installed
  • AND
  • nodejs10-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-devel-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-docs-10.24.1-150000.1.47.1 is installed
  • OR nodejs12-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-devel-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-docs-12.22.12-150200.4.35.1 is installed
  • OR nodejs14-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-devel-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-docs-14.20.0-150200.15.34.1 is installed
  • OR npm10-10.24.1-150000.1.47.1 is installed
  • OR npm12-12.22.12-150200.4.35.1 is installed
  • OR npm14-14.20.0-150200.15.34.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • nodejs10-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-devel-10.24.1-150000.1.47.1 is installed
  • OR nodejs10-docs-10.24.1-150000.1.47.1 is installed
  • OR nodejs12-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-devel-12.22.12-150200.4.35.1 is installed
  • OR nodejs12-docs-12.22.12-150200.4.35.1 is installed
  • OR nodejs14-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-devel-14.20.0-150200.15.34.1 is installed
  • OR nodejs14-docs-14.20.0-150200.15.34.1 is installed
  • OR npm10-10.24.1-150000.1.47.1 is installed
  • OR npm12-12.22.12-150200.4.35.1 is installed
  • OR npm14-14.20.0-150200.15.34.1 is installed
    • BACK