Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12123

Опубликовано: 28 нояб. 2018
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 4.3

Описание

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

10.15.1~dfsg-5
disco

not-affected

10.15.1~dfsg-5
eoan

not-affected

10.15.1~dfsg-5
esm-apps/bionic

released

8.10.0~dfsg-2ubuntu0.4+esm1
esm-apps/focal

not-affected

10.15.1~dfsg-5
esm-apps/jammy

not-affected

10.15.1~dfsg-5
esm-apps/noble

not-affected

10.15.1~dfsg-5
esm-apps/xenial

needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%
0.06364
Низкий

4.3 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-12123

CVSS3: 5.3
redhat
больше 6 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

nvd логотип

CVE-2018-12123

CVSS3: 4.3
nvd
больше 6 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

msrc логотип

CVE-2018-12123

CVSS3: 4.3
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-12123

CVSS3: 4.3
debian
больше 6 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...

github логотип

GHSA-f6m9-hpfw-xjw4

CVSS3: 4.3
github
около 3 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

EPSS

Процентиль: 91%
0.06364
Низкий

4.3 Medium

CVSS2

4.3 Medium

CVSS3