Lucene search
PRIOn knowledge basePRION:CVE-2018-7160HistoryMay 17, 2018 - 2:29 p.m.
Remote code execution
2018-05-1714:29:00
PRIOn knowledge base
www.prio-n.com
8
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
Related
nessus
nessus
F5 Networks BIG-IP : NodeJS vulnerability (K63025104)
2019-12-31 00:00:00
Fedora 33 : 1:nodejs (2021-a760169c3c)
2021-03-12 00:00:00
Ubuntu 18.04 ESM / 20.04 LTS : Node.js vulnerabilities (USN-6418-1)
2023-10-05 00:00:00
debiancve
debiancve
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
f5
f5
K63025104 : NodeJS vulnerability CVE-2018-7160
2019-11-25 00:00:00
ubuntucve
ubuntucve
CVE-2018-7160
2018-05-17 00:00:00
CVE-2021-22884
2021-03-03 00:00:00
osv
osv
Node.js Inspector RCE via DNS Rebinding
2022-05-13 01:08:23
CVE-2018-7160
2018-05-17 14:29:00
BIT-node-2021-22884
2024-03-06 11:07:03
openvas
openvas
Node.js DNS Rebinding Vulnerability - Windows
2018-07-09 00:00:00
Node.js DNS Rebinding Vulnerability - Mac OS X
2018-07-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1183-1)
2021-06-09 00:00:00
redhatcve
redhatcve
CVE-2018-7160
2020-03-30 08:22:03
CVE-2021-22884
2021-02-23 20:03:29
nvd
nvd
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
veracode
veracode
DNS Rebinding
2018-05-09 08:26:57
cvelist
cvelist
CVE-2018-7160
2018-03-21 00:00:00
CVE-2021-22884
2021-03-03 17:37:46
cve
cve
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
github
github
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
2022-05-13 01:08:23
alpinelinux
alpinelinux
CVE-2018-7160
2018-05-17 14:29:00
CVE-2021-22884
2021-03-03 18:15:14
hackerone
hackerone
prion
prion
Code injection
2021-03-03 18:15:00
fedora
fedora
[SECURITY] Fedora 26 Update: nodejs-6.14.0-1.fc26
2018-04-06 14:38:24
[SECURITY] Fedora 27 Update: nodejs-8.11.0-1.fc27
2018-04-03 14:52:54
[SECURITY] Fedora 27 Update: libuv-1.19.2-1.fc27
2018-04-03 14:52:54
freebsd
freebsd
node.js -- multiple vulnerabilities
2018-03-21 00:00:00
Node.js -- February 2021 Security Releases
2021-02-23 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private and IBM Cloud Private Cloud Foundry (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160)
2018-09-14 21:30:01
nodejsblog
nodejsblog
February 2021 Security Releases
2021-02-23 00:00:00
March 2018 Security Releases
2018-03-21 00:00:00
September 23rd 2022 Security Releases
2022-09-15 00:00:00
redhat
redhat
(RHSA-2018:2949) Important: rh-nodejs8-nodejs security update
2018-10-18 09:47:33
ubuntu
ubuntu
Node.js vulnerabilities
2021-03-15 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2019-09-15 16:24:16
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00