Количество 8
Количество 8
GHSA-wq4c-wm6x-jw44
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebindi ...
openSUSE-SU-2018:1209-1
Security update for nodejs6
SUSE-SU-2018:1183-1
Security update for nodejs6
SUSE-SU-2019:14246-1
Security update for Mozilla Firefox
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-wq4c-wm6x-jw44 Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding | CVSS3: 8.8 | 1% Низкий | около 3 лет назад |
 | CVE-2018-7160 The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
 | CVE-2018-7160 The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | CVSS3: 5.8 | 1% Низкий | больше 7 лет назад |
 | CVE-2018-7160 The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
| CVE-2018-7160 The Node.js inspector, in 6.x and later is vulnerable to a DNS rebindi ... | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
 | openSUSE-SU-2018:1209-1 Security update for nodejs6 | около 7 лет назад | ||
| SUSE-SU-2018:1183-1 Security update for nodejs6 | около 7 лет назад | ||
| SUSE-SU-2019:14246-1 Security update for Mozilla Firefox | больше 5 лет назад |
Уязвимостей на страницу