SB20221019100 - Red Hat Software Collections update for rh-nodejs14-nodejs

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20221019100

SB20221019100 - Red Hat Software Collections update for rh-nodejs14-nodejs

Published: October 19, 2022

Security Bulletin ID SB20221019100
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Improper Certificate Validation (CVE-ID: CVE-2021-44531)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient validation of URI Subject Alternative Names. Node.js accepts arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type. A remote attacker can bypass name-constrained intermediates and perform spoofing attack.


2) Improper validation of certificate with host mismatch (CVE-ID: CVE-2021-44532)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper validation of certificates, when converting SANs (Subject Alternative Names) to a string format. A remote attacker can inject special characters into the string and perform spoofing attack.


3) Improper Certificate Validation (CVE-ID: CVE-2021-44533)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper validation of certificate subject and issuer fields. A remote attacker can create a certificate with specially crafted multi-value Relative Distinguished Names and perform spoofing attack.


4) Resource exhaustion (CVE-ID: CVE-2021-44906)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.


5) Prototype pollution (CVE-ID: CVE-2022-21824)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to the formatting logic of the console.table() function. A remote attacker can send a specially crafted request and assign an empty string to numerical keys of the object prototype.



6) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-35256)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


Remediation

Install update from vendor's website.

References