5 matches found
BIT-NODE-2026-48930
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48930
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
DNS Rebinding
Overview Affected versions of this package are vulnerable to DNS Rebinding in dns.lookup lib/dns.js and lookupAndConnect lib/net.js, which forward a hostname containing an embedded NUL byte to the native resolver bindings where the C string is truncated at the first NUL. An attacker can cause an...
EUVD-2026-39614
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
Node.js: Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings
Vulnerability description not provided...