Open Nanubala opened 2 years ago
there is no simple-get vulnerability package
Affected package simple-get 4.0.0 is not used
Summary:
Node.js simple-get module security bypass CVE-2022-0355
Details:
nodejs-cve20220355-sec-bypass (218204) - reported on 2022-01-12 (Format: yyyy-mm-dd)
Node.js simple-get module could allow a remote attacker to bypass security restrictions, caused by improper protection of the cookie header. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to hijack a user account.
Consequences: Obtain Information
Remedy:
Upgrade to the latest version of simple-get (4.0.1 or later), available from the simple-get GIT Repository. See References.
X-Force Record: https://exchange.xforce.ibmcloud.com/vulnerabilities/218204
Attention: If the CVE is excluded from OWASP scanning, make sure to include it back, while remediating corresponding PSIRT. Acknowledge with appropriate comment before closing the PSIRT.
----------------------------------------------------------------------------------
Affected Products:
Node.js simple-get 4.0.1
Dependent Products
Node.js Node.js
Due Date: 2022-02-12
Service-now Reference: https://ibm.service-now.com/nav_to.do?uri=sn_vul_product_records.do?sys_id=fdb2cd0247d589502745775f746d4357