exploitDog

CVE-2018-12123

Published: 28 Nov 2018
Source: nvd
CVSS3: 4.3
CVSS2: 4.3
EPSS: Low

Description

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Version from 6.0.0 (inclusive) to 6.15.0 (exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Version from 8.0.0 (inclusive) to 8.14.0 (exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Version from 10.0.0 (inclusive) to 10.14.0 (exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Version from 11.0.0 (inclusive) to 11.3.0 (exclusive)

EPSS

Percentile: 91%
0.06364
Low

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Weaknesses

CWE-115
CWE-20

Related vulnerabilities

CVSS3: 4.3
ubuntu
more than 6 years ago

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

CVSS3: 5.3
redhat
more than 6 years ago

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

CVSS3: 4.3
msrc
about 4 years ago

No description available

CVSS3: 4.3
debian
more than 6 years ago

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...

CVSS3: 4.3
github
about 3 years ago

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.