CVE-2018-6333: Input Validation
First published: Mon Dec 31 2018(Updated: )
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0.
Credit: cve-assign@fb.com cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Nuclide | <0.290.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/github-advisory-latest
- alias/GHSA-r83x-wj75-v89r
- alias/CVE-2018-6333
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/first-publish-date
- agent/severity
- agent/tags
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/npm
- vendor/facebook
- canonical/facebook nuclide