Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-rwjh-urhy-gfb3
Vulnerability ID VCID-rwjh-urhy-gfb3
Aliases CVE-2021-22931
Summary nodejs: Improper handling of untypical characters in domain names
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-170 Improper Null Termination
System Score Found at
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json
epss 0.00662 https://api.first.org/data/v1/epss?cve=CVE-2021-22931
ssvc Track https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://hackerone.com/reports/1178337
ssvc Track https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
archlinux High https://security.archlinux.org/AVG-2286
ssvc Track https://security.gentoo.org/glsa/202401-02
ssvc Track https://security.netapp.com/advisory/ntap-20210923-0001/
ssvc Track https://security.netapp.com/advisory/ntap-20211022-0003/
ssvc Track https://www.oracle.com/security-alerts/cpujan2022.html
ssvc Track https://www.oracle.com/security-alerts/cpujul2022.html
ssvc Track https://www.oracle.com/security-alerts/cpuoct2021.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json
https://api.first.org/data/v1/epss?cve=CVE-2021-22931
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1178337 https://hackerone.com/reports/1178337
1993019 https://bugzilla.redhat.com/show_bug.cgi?id=1993019
aug-2021-security-releases https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
AVG-2286 https://security.archlinux.org/AVG-2286
GLSA-202401-02 https://security.gentoo.org/glsa/202401-02
GLSA-202405-29 https://security.gentoo.org/glsa/202405-29
ntap-20210923-0001 https://security.netapp.com/advisory/ntap-20210923-0001/
ntap-20211022-0003 https://security.netapp.com/advisory/ntap-20211022-0003/
RHSA-2021:3280 https://access.redhat.com/errata/RHSA-2021:3280
RHSA-2021:3281 https://access.redhat.com/errata/RHSA-2021:3281
RHSA-2021:3623 https://access.redhat.com/errata/RHSA-2021:3623
RHSA-2021:3638 https://access.redhat.com/errata/RHSA-2021:3638
RHSA-2021:3639 https://access.redhat.com/errata/RHSA-2021:3639
RHSA-2021:3666 https://access.redhat.com/errata/RHSA-2021:3666
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://hackerone.com/reports/1178337
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://security.gentoo.org/glsa/202401-02
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://security.netapp.com/advisory/ntap-20210923-0001/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://security.netapp.com/advisory/ntap-20211022-0003/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://www.oracle.com/security-alerts/cpujan2022.html
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://www.oracle.com/security-alerts/cpujul2022.html
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-11T21:01:01Z/ Found at https://www.oracle.com/security-alerts/cpuoct2021.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.71488
EPSS Score 0.00662
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:16:07.515899+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22931.json 38.6.0