-
-
Notifications
You must be signed in to change notification settings - Fork 131
Expand file tree
/
Copy path59.json
More file actions
17 lines (17 loc) · 820 Bytes
/
59.json
File metadata and controls
17 lines (17 loc) · 820 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
{
"cve": [
"CVE-2018-12123"
],
"vulnerable": "6.x || 8.x || 10.x || 11.x",
"patched": "^6.15.0 || ^8.14.0 || ^10.14.0 || ^11.3.0",
"publish_date": "2018-11-27",
"author": "Matteo Collina",
"reported_by": "Martin Bajanik",
"ref": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"type": "CWE-115: Misinterpretation of Input",
"overview": "Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",
"affectedEnvironments": [
"all"
],
"severity": "medium"
}