DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)
Team Summary
Official summary from Internet Bug Bounty
## DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices) (High) (CVE-2022-32212, CVE-2018-7160)

The fix for CVE-2022-32212 covered the cases for routable IP addresses; however, there exists a specific behavior on macOS devices when handling the http://0.0.0.0 URL that allows an attacker-controlled DNS server to bypass the DNS rebinding protection by resolving hosts in the .local domain. An attacker-controlled DNS server can resolve <Computer Name>.local to any arbitrary IP address, and consequently cause the victim's browser to load arbitrary content at http://0.0.0.0. This allows the attacker to bypass the DNS rebinding protection.

### Impacts:

All versions of the 18.x, 16.x, and 14.x release lines.
Vulnerability Details
Technical details and impact analysis
Related CVEs
Associated Common Vulnerabilities and Exposures
An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.
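The summary and the CVE description above both turn on how a debug endpoint validates the Host header. As an added example (not Node.js's own code and not taken from the report), the code below contrasts a lax digits-and-dots test with a strict IPv4 parse and applies a loopback-only allowlist. The function names, the lax check and the sample hosts are assumptions, and refusing 0.0.0.0 and every DNS name is a policy chosen for this example, not a statement of what the actual fix does.

```javascript
// Added example. All names and sample values here are constructed for illustration.

// Failure mode (hypothetical): any string of digits and dots is taken for an IP literal.
function looksLikeIPv4(host) {
  return /^[0-9.]+$/.test(host);
}

// Strict parse: exactly four decimal octets, each 0-255, no leading zeros.
// Returns the octets, or null if the string is not a canonical IPv4 literal.
function parseIPv4(host) {
  const parts = host.split('.');
  if (parts.length !== 4) return null;
  const octets = [];
  for (const part of parts) {
    if (!/^(0|[1-9][0-9]{0,2})$/.test(part)) return null;
    const n = Number(part);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// Decide whether a Host header value may reach a local debug endpoint.
function isAllowedDebugHost(header) {
  if (typeof header !== 'string') return false;
  // host or [ipv6], then an optional numeric port; anything else is refused.
  const m = /^(\[[0-9a-f:]+\]|[^:\[\]\s]+)(?::[0-9]{1,5})?$/.exec(header.trim().toLowerCase());
  if (m === null) return false;
  const host = m[1].replace(/^\[|\]$/g, '');
  if (host === 'localhost' || host === '::1') return true;
  const ip = parseIPv4(host);
  // Loopback literals only: 0.0.0.0 and every DNS name, *.local included, are refused.
  return ip !== null && ip[0] === 127;
}

// Constructed sample Host headers.
for (const h of ['127.0.0.1:9229', 'localhost:9229', '[::1]:9229',
                 '0.0.0.0:9229', 'my-mac.local:9229', '10.0.2.555:9229']) {
  console.log(h.padEnd(20), isAllowedDebugHost(h) ? 'allow' : 'deny');
}
```

The last sample passes the lax test but fails the strict parse, which is the gap between "looks like an IP address" and "is a valid IP literal" that the CVE description points at.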
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$4200.00
Submitted
Weakness
Improper Access Control - Generic