Executive Summary

Informations
NameCVE-2018-12123First vendor Publication2018-11-28
VendorCveLast vendor Modification2018-12-26

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12123

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application123

Nessus® Vulnerability Scanner

DateDescription
2018-12-28Name : Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File : nodejs_2018_nov.nasl - Type : ACT_GATHER_INFO
2018-12-10Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CONFIRM https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-02-12 12:04:50
  • Multiple Updates
2018-12-27 00:21:36
  • Multiple Updates
2018-11-28 21:19:50
  • First insertion