Symptom
- A security scanning tool may report vulnerability CVE-2022-43548.
- The description is:
An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests allowing rebinding attacks.
The fix for this issue in CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
Environment
SAP PowerDesigner (PD) Web 16.7
Product
SAP PowerDesigner 16.7
Keywords
KBA, BC-SYB-PD, PowerDesigner, Problem
About this page
This is a preview of a SAP Knowledge Base Article.