doc: add vulnerabilities (and updates) for September 2022 security re…

…leases (#835)

vuln/core/100.json

@@ -0,0 +1,7 @@
+{
+  "cve": ["CVE-2022-35256"],
+  "vulnerable": "14.x || 16.x || 18.x",
+  "patched": "14.20.1 || 16.17.1 || 18.9.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/",
+  "overview": "The llhttp parser in the http module in Node.js v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling."
+}

vuln/core/101.json

@@ -0,0 +1,7 @@
+{
+  "cve": ["CVE-2022-35255"],
+  "vulnerable": "18.x",
+  "patched": "18.9.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/",
+  "overview": "Node.js made calls to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. However, it does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail."
+}

vuln/core/94.json

@@ -1,7 +1,7 @@
 {
   "cve": ["CVE-2022-32215"],
   "vulnerable": "14.x || 16.x || 18.x",
-  "patched": "14.20.0 || 16.20.0 || 18.5.0",
-  "ref": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
+  "patched": "14.20.1 || 16.17.1 || 18.9.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/",
   "overview": "The llhttp parser in the http module in Node does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)."
 }

vuln/core/96.json

@@ -1,7 +1,7 @@
 {
   "cve": ["CVE-2022-32212"],
   "vulnerable": "14.x || 16.x || 18.x",
-  "patched": "14.20.0 || 16.20.0 || 18.5.0",
-  "ref": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
+  "patched": "14.20.1 || 16.17.1 || 18.9.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/",
   "overview": "The IsAllowedHost check in https://github.com/nodejs/node/blob/fdf0a84e826d3a9ec0ce6f5a3f5adc967fe99408/src/inspector_socket.cc#L580 can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance 10.0.2.555 is provided), the browser will make a DNS requests to the DNS server, providing a vector for an attacker-controlled DNS server to perform a rebinding attack and hence access the JSON file containing the WebSocket file.\n The fix we introduced in https://hackerone.com/reports/1069487 was not complete."
 }

vuln/core/97.json

@@ -1,7 +1,7 @@
 {
   "cve": ["CVE-2022-32213"],
   "vulnerable": "14.x || 16.x || 18.x",
-  "patched": "14.20.0 || 16.20.0 || 18.5.0",
-  "ref": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
+  "patched": "14.20.1 || 16.17.1 || 18.9.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/",
   "overview": "The llhttp parser in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)."
 }

vuln/core/99.json

@@ -1,7 +1,7 @@
 {
   "cve": ["CVE-2022-32222"],
   "vulnerable": "14.x || 16.x || 18.x",
-  "patched": "14.20.0 || 16.20.0 || 18.5.0",
-  "ref": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
+  "patched": "14.20.0 || 16.20.0 || 18.9.1",
+  "ref": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/",
   "overview": "On linux, versions of 18.x prior to Y used a default path for openssl.cnf  that was within a path that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3."
 }