node is vulnerable to DNS rebinding attacks. The vulnerability exists in the inspector, present since node 6.x, and allows a website to use a DNS rebinding attack to bypass the same-origin-policy checks in web browsers, open the inspector port as a debugger, and use it to execute arbitrary code.

CPE

Name | Operator | Version
---|---|---
node | le | 6.13.0
node | le | 8.10.0
node | le | 9.9.0
rh-nodejs8-nodejs | eq | 8.3.0__2.el7
rh-nodejs8-nodejs | eq | 8.6.0__1.el7
rh-nodejs8-nodejs | eq | 8.9.4__2.el7
node.js | le | 5.3.0

bugzilla.redhat.com/show_bug.cgi?id=1562026
github.com/nodejs/node/commit/80310e916aff24dc6b3477ad52a697dff84fc78e
github.com/nodejs/node/commit/b2a6c9745298c11f05bd8583761439ee701721c9
github.com/nodejs/node/commit/ffbcd1d1d154a793cf4f2db7fbca66f80ef374b5
nodejs.org/en/blog/vulnerability/march-2018-security-releases/
support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS
www.oracle.com//security-alerts/cpujul2021.html