View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2022-32212: 2 source package rows (nodejs, nodejs-current); 67 state rows across 12 repos (3.17-community, 3.18-community, 3.19-community, 3.19-main, 3.20-community, 3.20-main, 3.21-community, 3.21-main, 3.22-community, 3.22-main, edge-community, edge-main); fixed 67, open 0.
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.