Remote Code Execution Vulnerability in Node.js Debugger
CVE-2018-12120

8.1HIGH

Key Information:

Vendor: The Node.js Project
Status: Node.js
Vendor: CVE Published:; 28 November 2018

🔔 Create The Node.js Project Vulnerability Alert

What is CVE-2018-12120?

Node.js, prior to version 6.15.0, has a security vulnerability that exposes the debugger port (5858) to all network interfaces by default when the debugger is enabled. This configuration could potentially allow remote attackers to connect to the debugger and execute arbitrary JavaScript code on the server, leading to unauthorized actions and data breach. It is recommended to use a specific interface or upgrade to a newer version to mitigate this security risk.

Affected Version(s)

Node.js All versions prior to Node.js 6.15.0

References

https://nodejs.org/en/blog/vulnerability/november-2018-se...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106040

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2018
Vulnerability Reserved
Jun 11, 2018