Количество 13
Количество 13
CVE-2018-12123
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
CVE-2018-12123
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
CVE-2018-12123
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
CVE-2018-12123
Node.js: All versions prior to Node.js 6.15.0 8.14.0 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname they may be incorrect.
CVE-2018-12123
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...
GHSA-f6m9-hpfw-xjw4
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
openSUSE-SU-2019:0089-1
Security update for nodejs8
SUSE-SU-2019:0118-1
Security update for nodejs8
openSUSE-SU-2019:0234-1
Security update for nodejs6
openSUSE-SU-2019:0088-1
Security update for nodejs4
SUSE-SU-2019:0395-1
Security update for nodejs6
SUSE-SU-2019:0117-1
Security update for nodejs4
SUSE-SU-2019:14246-1
Security update for Mozilla Firefox
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-12123 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | CVSS3: 4.3 | 3% Низкий | почти 7 лет назад |
 | CVE-2018-12123 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | CVSS3: 5.3 | 3% Низкий | почти 7 лет назад |
 | CVE-2018-12123 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | CVSS3: 4.3 | 3% Низкий | почти 7 лет назад |
 | CVE-2018-12123 Node.js: All versions prior to Node.js 6.15.0 8.14.0 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname they may be incorrect. | CVSS3: 4.3 | 3% Низкий | больше 4 лет назад |
| CVE-2018-12123 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ... | CVSS3: 4.3 | 3% Низкий | почти 7 лет назад |
| GHSA-f6m9-hpfw-xjw4 Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | CVSS3: 4.3 | 3% Низкий | больше 3 лет назад |
 | openSUSE-SU-2019:0089-1 Security update for nodejs8 | больше 6 лет назад | ||
| SUSE-SU-2019:0118-1 Security update for nodejs8 | почти 7 лет назад | ||
| openSUSE-SU-2019:0234-1 Security update for nodejs6 | больше 6 лет назад | ||
| openSUSE-SU-2019:0088-1 Security update for nodejs4 | почти 7 лет назад | ||
| SUSE-SU-2019:0395-1 Security update for nodejs6 | больше 6 лет назад | ||
| SUSE-SU-2019:0117-1 Security update for nodejs4 | почти 7 лет назад | ||
| SUSE-SU-2019:14246-1 Security update for Mozilla Firefox | почти 6 лет назад |
Уязвимостей на страницу