Lucene search
GoogleOSV:GHSA-WQ4C-WM6X-JW44HistoryMay 13, 2022 - 1:08 a.m.
Node.js Inspector RCE via DNS Rebinding
2022-05-1301:08:23
Google
osv.dev
18
node.js
inspector
rce
dns rebinding
remote code execution
attack
web browser
debug port
localhost
network access
EPSS
0.033
Percentile
91.3%
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
Related
nessus
nessus
F5 Networks BIG-IP : NodeJS vulnerability (K63025104)
2019-12-31 00:00:00
Fedora 33 : 1:nodejs (2021-a760169c3c)
2021-03-12 00:00:00
SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:1183-1)
2019-01-02 00:00:00
prion
prion
Remote code execution
2018-05-17 14:29:00
Code injection
2021-03-03 18:15:00
debiancve
debiancve
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
ubuntucve
ubuntucve
CVE-2018-7160
2018-05-17 00:00:00
CVE-2021-22884
2021-03-03 00:00:00
openvas
openvas
Node.js DNS Rebinding Vulnerability - Windows
2018-07-09 00:00:00
Node.js DNS Rebinding Vulnerability - Mac OS X
2018-07-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1183-1)
2021-06-09 00:00:00
f5
f5
K63025104 : NodeJS vulnerability CVE-2018-7160
2019-11-25 00:00:00
redhatcve
redhatcve
CVE-2018-7160
2020-03-30 08:22:03
CVE-2021-22884
2021-02-23 20:03:29
alpinelinux
alpinelinux
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
veracode
veracode
DNS Rebinding
2018-05-09 08:26:57
cvelist
cvelist
CVE-2018-7160
2018-05-17 14:00:00
CVE-2021-22884
2021-03-03 17:37:46
cve
cve
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
github
github
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
2022-05-13 01:08:23
osv
osv
CVE-2018-7160
2018-05-17 14:29:00
BIT-node-2021-22884
2024-03-06 11:07:03
CVE-2021-22884
2021-03-03 18:15:14
nvd
nvd
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
hackerone
hackerone
fedora
fedora
[SECURITY] Fedora 26 Update: nodejs-6.14.0-1.fc26
2018-04-06 14:38:24
[SECURITY] Fedora 27 Update: libuv-1.19.2-1.fc27
2018-04-03 14:52:54
[SECURITY] Fedora 27 Update: nodejs-8.11.0-1.fc27
2018-04-03 14:52:54
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private and IBM Cloud Private Cloud Foundry (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160)
2018-09-14 21:30:01
freebsd
freebsd
node.js -- multiple vulnerabilities
2018-03-21 00:00:00
Node.js -- February 2021 Security Releases
2021-02-23 00:00:00
nodejsblog
nodejsblog
March 2018 Security Releases
2018-03-21 00:00:00
February 2021 Security Releases
2021-02-23 00:00:00
September 23rd 2022 Security Releases
2022-09-15 00:00:00
redhat
redhat
(RHSA-2018:2949) Important: rh-nodejs8-nodejs security update
2018-10-18 09:47:33
ubuntu
ubuntu
Node.js vulnerabilities
2021-03-15 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2019-09-15 16:24:16
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00