Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12123

Опубликовано: 28 нояб. 2018
Источник: ubuntu
Приоритет: low
CVSS2: 4.3
CVSS3: 4.3

Описание

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

10.15.1~dfsg-5
disco

not-affected

10.15.1~dfsg-5
eoan

not-affected

10.15.1~dfsg-5
esm-apps/bionic

released

8.10.0~dfsg-2ubuntu0.4+esm1
esm-apps/focal

not-affected

10.15.1~dfsg-5
esm-apps/jammy

not-affected

10.15.1~dfsg-5
esm-apps/noble

not-affected

10.15.1~dfsg-5
esm-apps/xenial

needed

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

4.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-12123

CVSS3: 5.3
redhat
почти 7 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

nvd логотип

CVE-2018-12123

CVSS3: 4.3
nvd
почти 7 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

msrc логотип

CVE-2018-12123

CVSS3: 4.3
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2018-12123

CVSS3: 4.3
debian
почти 7 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...

github логотип

GHSA-f6m9-hpfw-xjw4

CVSS3: 4.3
github
больше 3 лет назад

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

4.3 Medium

CVSS2

4.3 Medium

CVSS3