48.json
{
  "cve": [
    "CVE-2018-7160"
  ],
  "vulnerable": "6.x || 8.x || 9.x",
  "patched": "^6.14.0 || ^8.11.0 || ^9.10.0",
  "ref": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
  "overview": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.",
  "affectedEnvironments": ["all"]
}