CVE-2021-22931 in JD Edwards EnterpriseOne Tools

Summary

by MITRE • 08/16/2021

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.


Analysis

by VulDB Data Team • 02/15/2025

CVE-2021-22931 is a critical security flaw in Node.js versions prior to 16.6.0, 14.17.4, and 12.22.4 that stems from inadequate input validation within the dns library. The weakness lies in the handling of host names returned by Domain Name Servers, which gives malicious actors a way to exploit applications that rely on Node.js dns functionality. It manifests when applications fail to properly validate the output of DNS resolution operations, potentially allowing attackers to inject malicious host names into the application's processing pipeline.

The technical flaw resides in the dns library's insufficient validation of hostname responses from DNS servers, which creates opportunities for domain hijacking attacks. When Node.js processes DNS responses without proper validation, it accepts potentially malicious hostnames that could be used to redirect traffic or inject harmful content into applications. This vulnerability operates at the network layer of application security and directly impacts the integrity of DNS resolution processes that are fundamental to internet connectivity and application functionality. The flaw can be categorized under CWE-20 as "Improper Input Validation" and aligns with ATT&CK technique T1071.004 for Application Layer Protocol: DNS, where adversaries manipulate DNS responses to achieve their objectives.

The operational impact of this vulnerability extends beyond simple application crashes to encompass full remote code execution capabilities and cross-site scripting vulnerabilities. Attackers can exploit this weakness to inject malicious hostnames into applications that depend on DNS resolution, potentially leading to unauthorized code execution on target systems. The vulnerability also enables domain hijacking scenarios where legitimate domain traffic can be redirected to attacker-controlled servers, compromising the application's security posture and potentially leading to data breaches or service disruption. Applications using the Node.js dns library without proper input sanitization become vulnerable to these attacks, making the exploitation particularly dangerous in production environments.

Mitigation strategies for CVE-2021-22931 require immediate application of the latest Node.js patches that address the input validation issues in the dns library. Organizations should implement comprehensive input validation for all DNS resolution outputs, particularly when applications process hostnames returned from external DNS servers. Network administrators should consider implementing DNS security measures such as DNSSEC validation and monitoring for unusual DNS resolution patterns. The recommended approach includes upgrading to patched Node.js versions, implementing proper hostname validation routines, and conducting security audits of applications that utilize DNS functionality. Additionally, organizations should establish monitoring protocols to detect potential DNS hijacking attempts and ensure that all applications properly sanitize DNS responses before processing them further. These measures align with security best practices outlined in NIST SP 800-53 and ISO/IEC 27001 frameworks for secure application development and network security management.
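The hostname validation routine recommended above could look like the following. This is an added example, not code from Node.js or from this entry. The function names, the strict letters-digits-hyphen policy and the sample names are assumptions made for illustration, and the check complements the upgrade to a patched Node.js release rather than replacing it.

```javascript
// Added example: validate names returned by DNS lookups before the app uses them.
const dns = require('dns');

// One RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
// Deliberately strict: underscores and raw non-ASCII are rejected (assumed policy).
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// True only if `name` is a syntactically plain hostname (one trailing dot allowed).
function isSafeHostname(name) {
  if (typeof name !== 'string') return false;
  const host = name.endsWith('.') ? name.slice(0, -1) : name;
  if (host.length === 0 || host.length > 253) return false;
  return host.split('.').every((label) => LABEL.test(label));
}

// Split resolver output into names that passed validation and names that did not.
function partitionHostnames(names) {
  const accepted = [];
  const rejected = [];
  for (const n of names) (isSafeHostname(n) ? accepted : rejected).push(n);
  return { accepted, rejected };
}

// Hypothetical wrapper: reverse-resolve `ip`, return only validated names, and
// hand rejected ones to `onReject` so they can be logged or alerted on.
async function safeReverse(ip, { reverse = dns.promises.reverse, onReject = () => {} } = {}) {
  const { accepted, rejected } = partitionHostnames(await reverse(ip));
  // JSON.stringify escapes quotes and control characters before the value is logged.
  for (const bad of rejected) onReject(JSON.stringify(bad));
  return accepted;
}

// Constructed sample of resolver output (not captured from a real server).
const SAMPLE = [
  'mail.example.com',
  'xn--bcher-kva.example.',
  'a.example"><img src=x>',
  'host.example; id',
  'bad..example',
  '-lead.example',
  'nul\u0000byte.example',
];

console.log(partitionHostnames(SAMPLE));
```

Rejected names are worth counting per resolver: a sudden rise is one of the unusual DNS resolution patterns the monitoring advice above refers to.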

Reservation: 01/06/2021
Disclosure: 08/16/2021
Moderation: accepted
Entry: 4
CPE: ready
EPSS: 0.21952
KEV: no
Activities: very low
