Reliance on Reverse DNS Resolution for a Security-Critical Action

CVE-2021-22884

High

7.5/10

Summary

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.

References

Advisory Timeline

Published Mar 03, 2021

Reliance on Reverse DNS Resolution for a Security-Critical Action

CVE-2021-22884

Summary

CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS