HIGH🇵🇱 Wersja polska

CVE-2018-12116

CVSS 7.5v3.1pub. 2018-11-28upd. 2024-11-21

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Node.js

    APP
    Nodejs
    6.0.0 – 6.8.16.9.0 – 6.15.0 (bez)8.0.0 – 8.8.18.9.0 – 8.14.0 (bez)
  • SUSE Enterprise Storage

    APP
    Suse
    4
  • SUSE Linux Enterprise Server

    OS
    Suse
    1215
  • SUSE Openstack Cloud

    OS
    Suse
    78
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-48930CRITICAL9.8PL ✓ten sam produkt

Node.js TLS: błąd obsługi hostname z null-bajtem prowadzi do przekierowania authority

CVE-2025-55130CRITICAL9.1PL ✓ten sam produkt

Obejście modelu uprawnień w Node.js poprzez spreparowane symlinki

CVE-2026-21636CRITICAL10.0PL ✓ten sam produkt

Node.js: obejście modelu uprawnień przez Unix Domain Socket

CVE-2024-3566CRITICAL9.8PL ✓ten sam produkt

Command injection w aplikacjach Windows korzystających z CreateProcess

CVE-2024-21896CRITICAL9.8PL ✓ten sam produkt

Path traversal w Permission Model Node.js przez monkey-patching Buffer

CVE-2018-12116 — Nodejs — Node.Js — HIGH — CVSS 7.5 | CVEbaza.pl