CVE-2018-12123
Summary
| CVE | CVE-2018-12123 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-11-28 17:29:00 UTC |
| Updated | 2022-09-06 17:56:00 UTC |
| Description | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| November 2018 Security Releases \| Node.js | CONFIRM | nodejs.org | Patch, Vendor Advisory |
| Node.js: Multiple vulnerabilities (GLSA 202003-48) — Gentoo security | GENTOO | security.gentoo.org | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296075 Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)
- 500432 Alpine Linux Security Update for nodejs
- 501095 Alpine Linux Security Update for nodejs-current
- 504195 Alpine Linux Security Update for nodejs
- 900064 CBL-Mariner Linux Security Update for nodejs 8.11.4
- 903580 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (4299)