Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-35256 (GCVE-0-2022-35256)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-30 22:24
VLAI?
EPSS
Summary
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Severity ?
6.5 (Medium)
CWE
- CWE-444 - HTTP Request Smuggling (CWE-444)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NodeJS | Node |
Affected:
4.0 , < 4.*
(semver)
Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.20.1 (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.17.1 (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.9.1 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1675191"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"name": "DSA-5326",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35256",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T13:21:44.276405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T13:22:44.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Node",
"vendor": "NodeJS",
"versions": [
{
"lessThan": "4.*",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.*",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "6.*",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "7.*",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThan": "9.*",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "10.*",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "11.*",
"status": "affected",
"version": "11.0",
"versionType": "semver"
},
{
"lessThan": "12.*",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThan": "13.*",
"status": "affected",
"version": "13.0",
"versionType": "semver"
},
{
"lessThan": "14.20.1",
"status": "affected",
"version": "14.0",
"versionType": "semver"
},
{
"lessThan": "15.*",
"status": "affected",
"version": "15.0",
"versionType": "semver"
},
{
"lessThan": "16.17.1",
"status": "affected",
"version": "16.0",
"versionType": "semver"
},
{
"lessThan": "17.*",
"status": "affected",
"version": "17.0",
"versionType": "semver"
},
{
"lessThan": "18.9.1",
"status": "affected",
"version": "18.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "HTTP Request Smuggling (CWE-444)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T22:24:47.709Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1675191"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"name": "DSA-5326",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35256",
"datePublished": "2022-12-05T00:00:00.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-30T22:24:47.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://hackerone.com/reports/1675191\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5326\", \"name\": \"DSA-5326\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T09:29:17.444Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-35256\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-24T13:21:44.276405Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-24T13:22:35.447Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"NodeJS\", \"product\": \"Node\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0\", \"lessThan\": \"5.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.0\", \"lessThan\": \"11.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"12.0\", \"lessThan\": \"12.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"14.0\", \"lessThan\": \"14.20.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"15.0\", \"lessThan\": \"15.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"16.0\", \"lessThan\": \"16.17.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.0\", \"lessThan\": \"18.9.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://hackerone.com/reports/1675191\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5326\", \"name\": \"DSA-5326\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"HTTP Request Smuggling (CWE-444)\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2025-04-30T22:24:47.709Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-35256\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-30T22:24:47.709Z\", \"dateReserved\": \"2022-07-06T00:00:00.000Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2022-12-05T00:00:00.000Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cve-2022-35256
Vulnerability from osv_almalinux
Published
2023-01-23 00:00
Modified
2023-09-15 13:41
Summary
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).
Security Fix(es):
- minimist: prototype pollution (CVE-2021-44906)
- nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
- nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- nodejs: Packaged version of undici does not fit with declared version. [almalinux-9] (BZ#2151627)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.18.1-3.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.18.1-3.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.18.1-3.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.18.1-3.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.20-2.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.19.2-1.16.18.1.3.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).\n\nSecurity Fix(es):\n\n* minimist: prototype pollution (CVE-2021-44906)\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* nodejs: Packaged version of undici does not fit with declared version. [almalinux-9] (BZ#2151627)",
"id": "ALSA-2023:0321",
"modified": "2023-09-15T13:41:48Z",
"published": "2023-01-23T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0321"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-3517"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-43548"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2066009"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2134609"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140911"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-0321.html"
}
],
"related": [
"CVE-2021-44906",
"CVE-2022-3517",
"CVE-2022-35256",
"CVE-2022-43548"
],
"summary": "Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update"
}
cve-2022-35256
Vulnerability from osv_almalinux
Published
2022-10-18 00:00
Modified
2023-03-13 16:35
Summary
Important: nodejs security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.17.1).
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.15.0-1.16.17.1.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.17.1).\n\nSecurity Fix(es):\n\n* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6963",
"modified": "2023-03-13T16:35:42Z",
"published": "2022-10-18T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6963"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35255"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-6963.html"
}
],
"related": [
"CVE-2022-35255",
"CVE-2022-35256"
],
"summary": "Important: nodejs security update"
}
cve-2022-35256
Vulnerability from osv_almalinux
Published
2022-11-08 00:00
Modified
2022-11-23 22:19
Summary
Moderate: nodejs:14 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
- nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
- nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
- nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.20.1-2.module_el8.7.0+3342+b2df8497"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.20.1-2.module_el8.7.0+3342+b2df8497"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.20.1-2.module_el8.7.0+3342+b2df8497"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:14.20.1-2.module_el8.7.0+3342+b2df8497"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.19-2.module_el8.6.0+3261+490666b3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "23-3.module_el8.4.0+2522+3bd42762"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:6.14.17-1.14.20.1.2.module_el8.7.0+3342+b2df8497"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:7830",
"modified": "2022-11-23T22:19:30Z",
"published": "2022-11-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7830"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-44531"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-44532"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-44533"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-21824"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2040839"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2040846"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2040856"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2040862"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7830.html"
}
],
"related": [
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2021-44533",
"CVE-2022-35256",
"CVE-2022-21824"
],
"summary": "Moderate: nodejs:14 security update"
}
cve-2022-35256
Vulnerability from osv_almalinux
Published
2022-10-17 00:00
Modified
2022-10-27 10:15
Summary
Important: nodejs:16 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs 16.
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.19-2.module_el8.6.0+3261+490666b3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25-1.module_el8.5.0+2605+45d748af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.15.0-1.16.17.1.1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs 16.\n\nSecurity Fix(es):\n\n* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6964",
"modified": "2022-10-27T10:15:16Z",
"published": "2022-10-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6964"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35255"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-6964.html"
}
],
"related": [
"CVE-2022-35255",
"CVE-2022-35256"
],
"summary": "Important: nodejs:16 security update"
}
cve-2022-35256
Vulnerability from osv_almalinux
Published
2022-11-08 00:00
Modified
2022-11-11 19:27
Summary
Important: nodejs:18 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (18.9.1). (BZ#2130559, BZ#2131750)
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.19-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.19.1-1.18.9.1.1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (18.9.1). (BZ#2130559, BZ#2131750)\n\nSecurity Fix(es):\n\n* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:7821",
"modified": "2022-11-11T19:27:35Z",
"published": "2022-11-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7821"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35255"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7821.html"
}
],
"related": [
"CVE-2022-35255",
"CVE-2022-35256"
],
"summary": "Important: nodejs:18 security update"
}
GHSA-RC2M-Q589-VPQX
Vulnerability from github – Published: 2022-12-06 00:30 – Updated: 2023-01-26 21:30
VLAI?
Details
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-35256"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-05T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.",
"id": "GHSA-rc2m-q589-vpqx",
"modified": "2023-01-26T21:30:24Z",
"published": "2022-12-06T00:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1675191"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
bit-node-2022-35256
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:03
Modified
2025-04-03 14:40
Summary
Details
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "node",
"purl": "pkg:bitnami/node"
},
"ranges": [
{
"events": [
{
"introduced": "14.0.0"
},
{
"fixed": "14.14.1"
},
{
"introduced": "14.15.0"
},
{
"fixed": "14.20.1"
},
{
"introduced": "16.0.0"
},
{
"fixed": "16.12.1"
},
{
"introduced": "16.13.0"
},
{
"fixed": "16.17.1"
},
{
"introduced": "18.0.0"
},
{
"fixed": "18.9.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-35256"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"
],
"severity": "Medium"
},
"details": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.",
"id": "BIT-node-2022-35256",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T11:03:03.899Z",
"references": [
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1675191"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
}
],
"schema_version": "1.5.0"
}
CERTFR-2023-AVI-0015
Vulnerability from certfr_avis - Published: 2023-01-10 - Updated: 2023-01-10
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.5.0 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller versions antérieures à V4.1.1 Patch 05 | ||
| Siemens | N/A | SINEC INS versions antérieures à V1.0 SP2 Update 1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions antérieures à V5.4.2 | ||
| Siemens | N/A | Solid Edge versions antérieures à V2023 MP1 | ||
| Siemens | N/A | JT Open versions antérieures à V13.1.1.0 | ||
| Siemens | N/A | Mendix SAML (Mendix 9 compatible, New Track) versions V3.3.x antérieures à V3.3.9 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5.0 Patch 01 | ||
| Siemens | N/A | Mendix SAML (Mendix 9 compatible, Upgrade Track) versions V3.3.x antérieures à V3.3.8 | ||
| Siemens | N/A | Automation License Manager V5 | ||
| Siemens | N/A | JT Open versions antérieures à V11.1.1.0 | ||
| Siemens | N/A | Mendix SAML (Mendix 8 compatible) versions V2.3.x antérieures à V2.3.4 | ||
| Siemens | N/A | Automation License Manager versions V6 antérieures à V6 SP9 Upd4 | ||
| Siemens | N/A | De nombreux produits SIMATIC, SIMOTION, SINAMICS, SINUMERIK et SIPLUS (Se référer au bulletin de sécurité de l'éditeur pour les versions affectées) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller versions ant\u00e9rieures \u00e0 V4.1.1 Patch 05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS versions ant\u00e9rieures \u00e0 V1.0 SP2 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge versions ant\u00e9rieures \u00e0 V2023 MP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V13.1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 9 compatible, New Track) versions V3.3.x ant\u00e9rieures \u00e0 V3.3.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5.0 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 9 compatible, Upgrade Track) versions V3.3.x ant\u00e9rieures \u00e0 V3.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Automation License Manager V5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 8 compatible) versions V2.3.x ant\u00e9rieures \u00e0 V2.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Automation License Manager versions V6 ant\u00e9rieures \u00e0 V6 SP9 Upd4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "De nombreux produits SIMATIC, SIMOTION, SINAMICS, SINUMERIK et SIPLUS (Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-38773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38773"
},
{
"name": "CVE-2022-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47935"
},
{
"name": "CVE-2022-45093",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45093"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-45092",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45092"
},
{
"name": "CVE-2022-45094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45094"
},
{
"name": "CVE-2021-44002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44002"
},
{
"name": "CVE-2021-44014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44014"
},
{
"name": "CVE-2022-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43513"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2019-13940",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
},
{
"name": "CVE-2019-10923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
},
{
"name": "CVE-2022-2274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2018-4843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4843"
},
{
"name": "CVE-2022-47967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47967"
},
{
"name": "CVE-2022-46823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46823"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2022-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43514"
}
],
"initial_release_date": "2023-01-10T00:00:00",
"last_revision_date": "2023-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-936212 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-936212.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-482757 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-482757.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-332410 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-332410.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-476715 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-431678.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-997779 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-997779.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-592007 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-592007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-496604 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-496604.html"
}
]
}
CERTFR-2023-AVI-0362
Vulnerability from certfr_avis - Published: 2023-05-09 - Updated: 2023-05-09
De multiples vulnérabilités ont été découvertes dans IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité, une atteinte à la confidentialité des données, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.2.x antérieures à 8.2.1.17 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4.1 IF1 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.5.x antérieures à 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.4.x antérieures à 8.4.0.10 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP7 | ||
| IBM | N/A | IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x antérieures à 4.6.5 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.3.x antérieures à 8.3.1.9 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Virtualize versions 8.2.x ant\u00e9rieures \u00e0 8.2.1.17",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.1 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.5.x ant\u00e9rieures \u00e0 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.4.x ant\u00e9rieures \u00e0 8.4.0.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP7",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x ant\u00e9rieures \u00e0 4.6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.3.x ant\u00e9rieures \u00e0 8.3.1.9",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2022-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43887"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2022-24434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24434"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2023-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2022-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43883"
},
{
"name": "CVE-2022-39160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39160"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2021-39036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39036"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2022-38708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38708"
}
],
"initial_release_date": "2023-05-09T00:00:00",
"last_revision_date": "2023-05-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0362",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6986505 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6986505"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6988147 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6988147"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6987769 du 02 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6987769"
}
]
}
CERTFR-2024-AVI-1051
Vulnerability from certfr_avis - Published: 2024-12-06 - Updated: 2024-12-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | VIOS | VIOS version 3.1 sans le correctif invscout_fix7.tar | ||
| IBM | AIX | AIX version 7.3 sans le correctif invscout_fix7.tar | ||
| IBM | Cognos Controller | Cognos Controller versions 11.0.x antérieures à 11.0.1 FP3 | ||
| IBM | AIX | AIX version 7.2 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.x antérieures à 6.2.2.2 | ||
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.0.0 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.x antérieures à 6.2.3.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VIOS version 3.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.0.x ant\u00e9rieures \u00e0 11.0.1 FP3",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.2.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.3.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-47115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47115"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25020"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-41777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41777"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2024-25035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25035"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2021-44532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2022-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0155"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2024-41776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41776"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25019"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2021-22921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
},
{
"name": "CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2021-29892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29892"
},
{
"name": "CVE-2024-45676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45676"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2024-40691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40691"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-41775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41775"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2021-44533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2022-21824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2024-25036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25036"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-44531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2024-12-06T00:00:00",
"last_revision_date": "2024-12-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178033",
"url": "https://www.ibm.com/support/pages/node/7178033"
},
{
"published_at": "2024-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178054",
"url": "https://www.ibm.com/support/pages/node/7178054"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177220",
"url": "https://www.ibm.com/support/pages/node/7177220"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177981",
"url": "https://www.ibm.com/support/pages/node/7177981"
}
]
}
CERTFR-2022-AVI-1041
Vulnerability from certfr_avis - Published: 2022-11-21 - Updated: 2022-11-21
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.11 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.32 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.20 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.5.x antérieures à 4.5.3 | ||
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 3.3.2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.32",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.20",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.5.x ant\u00e9rieures \u00e0 4.5.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.3.2",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2022-0554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0554"
},
{
"name": "CVE-2022-0572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0572"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0629"
},
{
"name": "CVE-2022-0729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0729"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-0685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0685"
}
],
"initial_release_date": "2022-11-21T00:00:00",
"last_revision_date": "2022-11-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-006 du 17 novembre 2022",
"url": "https://advisories.stormshield.eu/2022-006/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-026 du 18 novembre 2022",
"url": "https://advisories.stormshield.eu/2022-026/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-024 du 28 septembre 2022",
"url": "https://advisories.stormshield.eu/2022-024/"
}
]
}
FKIE_CVE-2022-35256
Vulnerability from fkie_nvd - Published: 2022-12-05 22:15 - Updated: 2025-04-24 14:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Third Party Advisory | |
| support@hackerone.com | https://hackerone.com/reports/1675191 | Exploit, Issue Tracking, Third Party Advisory | |
| support@hackerone.com | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1675191 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5326 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "1D907C43-56F3-4FB8-8F20-C90C65EE5A08",
"versionEndExcluding": "14.20.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA",
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "09BD0FC2-5AA1-4A22-8432-A2EEA314FE09",
"versionEndExcluding": "16.17.1",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "DA8C00DD-A6E5-4E3D-8DD4-F4B51F5C208A",
"versionEndExcluding": "18.9.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1D7F3488-19BB-4E97-AC9F-23F847F53774",
"versionEndExcluding": "6.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5",
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling."
},
{
"lang": "es",
"value": "El analizador llhttp en el m\u00f3dulo http en Node v18.7.0 no maneja correctamente los campos de encabezado que no terminan con CLRF. Esto puede resultar en tr\u00e1fico ilegal de solicitudes HTTP."
}
],
"id": "CVE-2022-35256",
"lastModified": "2025-04-24T14:15:32.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-05T22:15:10.570",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1675191"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1675191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-35256
Vulnerability from fstec - Published: 05.12.2022
VLAI Severity ?
Title
Уязвимость анализатора HTTP-кода llhttp программного обеспечения для управления сетевой инфраструктурой SINEC INS (Infrastructure Network Services), позволяющая нарушителю выполнить произвольный код
Description
Уязвимость анализатора HTTP-кода llhttp программного обеспечения для управления сетевой инфраструктурой SINEC INS (Infrastructure Network Services) связана с возможностью обхода механизма аутентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код
Severity ?
Vendor
Red Hat Inc., Сообщество свободного программного обеспечения, Novell Inc., Siemens AG, Node.js Foundation
Software Name
Red Hat Enterprise Linux, Debian GNU/Linux, Red Hat Software Collections, OpenSUSE Leap, SINEC INS, Node.js
Software Version
8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), - (Red Hat Software Collections), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 15.4 (OpenSUSE Leap), 9 (Red Hat Enterprise Linux), до 1.0 SP2 Update 1 (SINEC INS), от 14.0.0 до 14.14.0 включительно (Node.js), от 14.15.0 до 14.20.1 включительно (Node.js), от 16.0.0 до 16.12.0 включительно (Node.js), от 16.13.0 до 16.17.1 (Node.js), от 18.0.0 до 18.9.1 (Node.js)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- ограничение подключения к программному продукту из сетей общего пользования (Интернет);
- сегментирование сети с целью ограничения доступа к промышленному сегменту из других подсетей;
- применение средств межсетевого экранирования уровня веб-приложений.
Использование рекомендаций производителя:
Для Siemens AG:
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-35256
Для Node:
https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44
https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2022-35256
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2022-35256.html
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
https://security-tracker.debian.org/tracker/CVE-2022-35256
https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44
https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0
https://access.redhat.com/security/cve/CVE-2022-35256
https://www.suse.com/security/cve/CVE-2022-35256.html
CWE
CWE-444
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Siemens AG, Node.js Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), - (Red Hat Software Collections), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 15.4 (OpenSUSE Leap), 9 (Red Hat Enterprise Linux), \u0434\u043e 1.0 SP2 Update 1 (SINEC INS), \u043e\u0442 14.0.0 \u0434\u043e 14.14.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Node.js), \u043e\u0442 14.15.0 \u0434\u043e 14.20.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Node.js), \u043e\u0442 16.0.0 \u0434\u043e 16.12.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Node.js), \u043e\u0442 16.13.0 \u0434\u043e 16.17.1 (Node.js), \u043e\u0442 18.0.0 \u0434\u043e 18.9.1 (Node.js)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c\u0443 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0443 \u0438\u0437 \u0441\u0435\u0442\u0435\u0439 \u043e\u0431\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0443 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f Siemens AG:\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-35256\n\n\u0414\u043b\u044f Node:\nhttps://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44\nhttps://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-35256\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2022-35256.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.01.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.01.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00348",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-35256",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Red Hat Software Collections, OpenSUSE Leap, SINEC INS, Node.js",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Novell Inc. OpenSUSE Leap 15.4 , Red Hat Inc. Red Hat Enterprise Linux 9 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0430 HTTP-\u043a\u043e\u0434\u0430 llhttp \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 SINEC INS (Infrastructure Network Services), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (\u0027\u041a\u043e\u043d\u0442\u0440\u0430\u0431\u0430\u043d\u0434\u0430 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432\u0027) (CWE-444)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0430 HTTP-\u043a\u043e\u0434\u0430 llhttp \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 SINEC INS (Infrastructure Network Services) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u0445\u043e\u0434\u0430 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\nhttps://security-tracker.debian.org/tracker/CVE-2022-35256\nhttps://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44\nhttps://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0\nhttps://access.redhat.com/security/cve/CVE-2022-35256\nhttps://www.suse.com/security/cve/CVE-2022-35256.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-444",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
cleanstart-2026-ln12820
Vulnerability from cleanstart
Published
2026-02-19 00:58
Modified
2026-02-18 09:40
Summary
vulnerability has been identified in Node
Details
Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-LN12820",
"modified": "2026-02-18T09:40:19Z",
"published": "2026-02-19T00:58:49.154512Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LN12820.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vulnerability has been identified in Node",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
GSD-2022-35256
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-35256",
"id": "GSD-2022-35256",
"references": [
"https://advisories.mageia.org/CVE-2022-35256.html",
"https://access.redhat.com/errata/RHSA-2022:6963",
"https://access.redhat.com/errata/RHSA-2022:6964",
"https://access.redhat.com/errata/RHSA-2022:7044",
"https://access.redhat.com/errata/RHSA-2022:7821",
"https://access.redhat.com/errata/RHSA-2022:7830",
"https://www.suse.com/security/cve/CVE-2022-35256.html",
"https://www.debian.org/security/2023/dsa-5326",
"https://access.redhat.com/errata/RHSA-2023:0321"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-35256"
],
"details": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.",
"id": "GSD-2022-35256",
"modified": "2023-12-13T01:19:33.976610Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-35256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/nodejs/node",
"version": {
"version_data": [
{
"version_value": "Fixed in 14.20.1+, 16.17.1+,18.9.1+"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Request Smuggling (CWE-444)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1675191",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1675191"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"name": "DSA-5326",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2023/dsa-5326"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c6.0.10",
"affected_versions": "All versions before 6.0.10",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2023-05-12",
"description": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.",
"fixed_versions": [],
"identifier": "CVE-2022-35256",
"identifiers": [
"CVE-2022-35256"
],
"not_impacted": "",
"package_slug": "npm/llhttp",
"pubdate": "2022-12-05",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-35256",
"https://hackerone.com/reports/1675191"
],
"uuid": "a648cbcd-55a4-4096-8d5d-8578c1ab7b88"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.12.0",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.20.1",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.17.1",
"versionStartIncluding": "16.13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.9.1",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:llhttp:llhttp:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-35256"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1675191",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1675191"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"name": "DSA-5326",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2023-05-12T13:30Z",
"publishedDate": "2022-12-05T22:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…