Node.js: DNS rebinding in --inspect (insufficient fix of CVE-2018-7160)
Summary: While the debugger i.e., the --inspect option tries to prevent DNS rebinding, the whitelist is excessive. Description: The whitelist includes “localhost6”, which is not that widespread. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS...