CVE-2018-12123 -- nodejsDeprecated |
ID: oval:org.secpod.oval:def:2000556 | Date: (C)2019-04-21 (M)2024-05-22 |
Class: VULNERABILITY | Family: unix |
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" protocol . If security decisions are made about the URL based on the hostname, they may be incorrect.
Platform: |
Debian 8.x |
Debian 9.x |