CVE-2018-12123
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-12123
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入的错误解释
Source: NVD (National Vulnerability Database)
Vulnerability Title
Joyent Node.js 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。该平台主要用于构建高度可伸缩的应用程序,以及编写能够处理数万条且同时连接到一个物理机的连接代码。 Joyent Node.js中用于javascript协议的URL解析器存在输入验证错误漏洞。攻击者可借助大小写混淆的“javascript:”(如“javAscript:”)协议利用该漏洞伪造主机名。以下版本受到影响:Joyent Node.js 6.15.0之前版本,8.14.0之
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Node.js Project | Node.js | All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0 | - |
II. Public POCs for CVE-2018-12123
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-12123
请登录查看更多情报信息。
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/x_refsource_CONFIRM
- Node.js: Multiple vulnerabilities (GLSA 202003-48) — Gentoo securityvendor-advisoryx_refsource_GENTOO
- https://nvd.nist.gov/vuln/detail/CVE-2018-12123
Same Patch Batch · The Node.js Project · 2018-11-28 · 5 CVEs total
| CVE-2018-12116 | Node.js 安全漏洞 | |
| CVE-2018-12120 | Joyent Node.js 安全特征问题漏洞 | |
| CVE-2018-12121 | Joyent Node.js 资源管理错误漏洞 | |
| CVE-2018-12122 | Joyent Node.js 资源管理错误漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-115
- CVE-2025-68113
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Re - CVE-2025-54584
GitProxy is vulnerable to a packfile parsing exploit - CVE-2025-5826
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_ms - CVE-2025-5747
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpreta - CVE-2025-32908
Libsoup: denial of service on libsoup through http/2 server
V. Comments for CVE-2018-12123
No comments yet