How severe is CVE-2021-22884?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-22884?

This is classified as CWE-350, which is a common weakness in software security.

CVE-2021-22884

HIGH Year: 2021

CVSS v3 Score

7.5

High

CVSS v2 Score

5.1

Medium

Weakness Type

CWE-350

View all →

Vulnerability Description

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.

CVE-2017-0902

HIGH

CVSS:8.1(High)

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker...

CWE-3502017

CVE-2024-42364

MEDIUM

CVSS:6.5(Medium)

Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and authe...

CWE-3502024

CVE-2018-7160

HIGH

CVSS:8.8(High)

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web b...

CWE-3502018

CVE-2021-34561

HIGH

CVSS:8.8(High)

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any...

CWE-3502021

CVE-2023-52235

HIGH

CVSS:8.8(High)

SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.

CWE-3502023

CVE-2020-11091

MEDIUM

CVSS:5.8(Medium)

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a clust...

CWE-3502020

CVE-2021-22884

Vulnerability Description

Related Vulnerabilities

CVE-2017-0902

CVE-2024-42364

CVE-2018-7160

CVE-2021-34561

CVE-2023-52235

CVE-2020-11091