Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
CVSS Information
N/A
Vulnerability Type
不恰当地信任反向DNS
Vulnerability Title
Joyent Node.js inspector 安全漏洞
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。inspector是其中的一个调试工具。 Joyent Node.js 6.x及之后版本中的inspector存在安全漏洞。远程攻击者可借助恶意的网站利用该漏洞绕过同源协议检查并通过HTTP协议连接到本地主机或本地网络上的主机,并且可能执行代码。
CVSS Information
N/A
Vulnerability Type
N/A