Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
CVSS Information
N/A
Vulnerability Type
不恰当地信任反向DNS
Vulnerability Title
Nodejs 安全漏洞
Vulnerability Description
nodejs是是一个基于ChromeV8引擎的JavaScript运行环境通过对Chromev8引擎进行了封装以及使用事件驱动和非阻塞IO的应用让Javascript开发高性能的后台应用成为了可能。 Nodejs 存在安全漏洞,攻击者可利用该漏洞可以通过DNS重新绑定节点核心的Localhost6,利用漏洞来运行代码。以下产品和版本受到影响:Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0
CVSS Information
N/A
Vulnerability Type
N/A