[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-12120":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":400,"aliases":401,"duplicate_of":9,"upstream":402,"downstream":403,"duplicates":414,"related":415,"reserved_at":9,"published_at":419,"modified_at":420,"state":421,"summary":422,"references_raw":431,"kevs":447,"epss":448,"epss_history":451,"metrics":716,"affected":727},"CVE-2018-12120","Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.",null,[11,371],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-829","Inclusion of Functionality from Untrusted Control Sphere","The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.","weakness","Incomplete","Base",[19,23,27,31,151,155,159,163,192,196,265,323,339],{"id":20,"name":21,"techniques":22},"CAPEC-175","Code Inclusion",[],{"id":24,"name":25,"techniques":26},"CAPEC-201","Serialized Data External Linking",[],{"id":28,"name":29,"techniques":30},"CAPEC-228","DTD Injection",[],{"id":32,"name":33,"techniques":34},"CAPEC-251","Local Code Inclusion",[35],{"id":36,"name":37,"tactics":38,"countermeasures":48},"T1055","Process Injection",[39,42,45],{"id":40,"name":41},"TA0030","Defense Evasion",{"id":43,"name":44},"TA0005","Stealth",{"id":46,"name":47},"TA0111","Privilege Escalation",[49,54,58,62,66,70,74,78,82,86,91,96,101,105,109,114,119,123,127,131,135,139,143,147],{"id":50,"name":51,"tactic":52},"D3-FA","File Analysis",{"name":53},"Detect",{"id":55,"name":56,"tactic":57},"D3-FIM","File Integrity Monitoring",{"name":53},{"id":59,"name":60,"tactic":61},"D3-DA","Dynamic Analysis",{"name":53},{"id":63,"name":64,"tactic":65},"D3-EFA","Emulated File Analysis",{"name":53},{"id":67,"name":68,"tactic":69},"D3-SCA","System Call Analysis",{"name":53},{"id":71,"name":72,"tactic":73},"D3-MBT","Memory Boundary Tracking",{"name":53},{"id":75,"name":76,"tactic":77},"D3-PCSV","Process Code Segment Verification",{"name":53},{"id":79,"name":80,"tactic":81},"D3-PSA","Process Spawn Analysis",{"name":53},{"id":83,"name":84,"tactic":85},"D3-SFA","System File Analysis",{"name":53},{"id":87,"name":88,"tactic":89},"D3-FEV","File Eviction",{"name":90},"Evict",{"id":92,"name":93,"tactic":94},"D3-DF","Decoy File",{"name":95},"Deceive",{"id":97,"name":98,"tactic":99},"D3-FE","File Encryption",{"name":100},"Harden",{"id":102,"name":103,"tactic":104},"D3-PSEP","Process Segment Execution Prevention",{"name":100},{"id":106,"name":107,"tactic":108},"D3-SAOR","Segment Address Offset Randomization",{"name":100},{"id":110,"name":111,"tactic":112},"D3-RF","Restore File",{"name":113},"Restore",{"id":115,"name":116,"tactic":117},"D3-CF","Content Filtering",{"name":118},"Isolate",{"id":120,"name":121,"tactic":122},"D3-LFP","Local File Permissions",{"name":118},{"id":124,"name":125,"tactic":126},"D3-RFAM","Remote File Access Mediation",{"name":118},{"id":128,"name":129,"tactic":130},"D3-CQ","Content Quarantine",{"name":118},{"id":132,"name":133,"tactic":134},"D3-CM","Content Modification",{"name":118},{"id":136,"name":137,"tactic":138},"D3-EAL","Executable Allowlisting",{"name":118},{"id":140,"name":141,"tactic":142},"D3-EDL","Executable Denylisting",{"name":118},{"id":144,"name":145,"tactic":146},"D3-SCF","System Call Filtering",{"name":118},{"id":148,"name":149,"tactic":150},"D3-HBPI","Hardware-based Process Isolation",{"name":118},{"id":152,"name":153,"techniques":154},"CAPEC-252","PHP Local File Inclusion",[],{"id":156,"name":157,"techniques":158},"CAPEC-253","Remote Code Inclusion",[],{"id":160,"name":161,"techniques":162},"CAPEC-263","Force Use of Corrupted Files",[],{"id":164,"name":165,"techniques":166},"CAPEC-538","Open-Source Library Manipulation",[167],{"id":168,"name":169,"tactics":170,"countermeasures":174},"T1195.001","Compromise Software Dependencies and Development Tools",[171],{"id":172,"name":173},"TA0108","Initial Access",[175,180,184,188],{"id":176,"name":177,"tactic":178},"D3-SWI","Software Inventory",{"name":179},"Model",{"id":181,"name":182,"tactic":183},"D3-AVE","Asset Vulnerability Enumeration",{"name":179},{"id":185,"name":186,"tactic":187},"D3-SU","Software Update",{"name":100},{"id":189,"name":190,"tactic":191},"D3-RS","Restore Software",{"name":113},{"id":193,"name":194,"techniques":195},"CAPEC-549","Local Execution of Code",[],{"id":197,"name":198,"techniques":199},"CAPEC-640","Inclusion of Code in Existing Process",[200,208,244,254],{"id":201,"name":202,"tactics":203,"countermeasures":207},"T1505.005","Terminal Services DLL",[204],{"id":205,"name":206},"TA0110","Persistence",[],{"id":209,"name":210,"tactics":211,"countermeasures":219},"T1574.006","Dynamic Linker Hijacking",[212,213,214,215,216],{"id":205,"name":206},{"id":46,"name":47},{"id":40,"name":41},{"id":43,"name":44},{"id":217,"name":218},"TA0104","Execution",[220,222,224,226,228,230,232,234,236,238,240,242],{"id":83,"name":84,"tactic":221},{"name":53},{"id":50,"name":51,"tactic":223},{"name":53},{"id":55,"name":56,"tactic":225},{"name":53},{"id":87,"name":88,"tactic":227},{"name":90},{"id":92,"name":93,"tactic":229},{"name":95},{"id":97,"name":98,"tactic":231},{"name":100},{"id":110,"name":111,"tactic":233},{"name":113},{"id":115,"name":116,"tactic":235},{"name":118},{"id":120,"name":121,"tactic":237},{"name":118},{"id":124,"name":125,"tactic":239},{"name":118},{"id":128,"name":129,"tactic":241},{"name":118},{"id":132,"name":133,"tactic":243},{"name":118},{"id":245,"name":246,"tactics":247,"countermeasures":253},"T1574.013","KernelCallbackTable",[248,249,250,251,252],{"id":205,"name":206},{"id":46,"name":47},{"id":40,"name":41},{"id":43,"name":44},{"id":217,"name":218},[],{"id":255,"name":256,"tactics":257,"countermeasures":260},"T1620","Reflective Code Loading",[258,259],{"id":40,"name":41},{"id":43,"name":44},[261,263],{"id":102,"name":103,"tactic":262},{"name":100},{"id":106,"name":107,"tactic":264},{"name":100},{"id":266,"name":267,"techniques":268},"CAPEC-660","Root/Jailbreak Detection Evasion via Hooking",[269],{"id":36,"name":37,"tactics":270,"countermeasures":274},[271,272,273],{"id":40,"name":41},{"id":43,"name":44},{"id":46,"name":47},[275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321],{"id":50,"name":51,"tactic":276},{"name":53},{"id":55,"name":56,"tactic":278},{"name":53},{"id":59,"name":60,"tactic":280},{"name":53},{"id":63,"name":64,"tactic":282},{"name":53},{"id":67,"name":68,"tactic":284},{"name":53},{"id":71,"name":72,"tactic":286},{"name":53},{"id":75,"name":76,"tactic":288},{"name":53},{"id":79,"name":80,"tactic":290},{"name":53},{"id":83,"name":84,"tactic":292},{"name":53},{"id":87,"name":88,"tactic":294},{"name":90},{"id":92,"name":93,"tactic":296},{"name":95},{"id":97,"name":98,"tactic":298},{"name":100},{"id":102,"name":103,"tactic":300},{"name":100},{"id":106,"name":107,"tactic":302},{"name":100},{"id":110,"name":111,"tactic":304},{"name":113},{"id":115,"name":116,"tactic":306},{"name":118},{"id":120,"name":121,"tactic":308},{"name":118},{"id":124,"name":125,"tactic":310},{"name":118},{"id":128,"name":129,"tactic":312},{"name":118},{"id":132,"name":133,"tactic":314},{"name":118},{"id":136,"name":137,"tactic":316},{"name":118},{"id":140,"name":141,"tactic":318},{"name":118},{"id":144,"name":145,"tactic":320},{"name":118},{"id":148,"name":149,"tactic":322},{"name":118},{"id":324,"name":325,"techniques":326},"CAPEC-695","Repo Jacking",[327],{"id":168,"name":169,"tactics":328,"countermeasures":330},[329],{"id":172,"name":173},[331,333,335,337],{"id":176,"name":177,"tactic":332},{"name":179},{"id":181,"name":182,"tactic":334},{"name":179},{"id":185,"name":186,"tactic":336},{"name":100},{"id":189,"name":190,"tactic":338},{"name":113},{"id":340,"name":341,"techniques":342},"CAPEC-698","Install Malicious Extension",[343,357],{"id":344,"name":345,"tactics":346,"countermeasures":348},"T1176","Software Extensions",[347],{"id":205,"name":206},[349,351,353,355],{"id":176,"name":177,"tactic":350},{"name":179},{"id":181,"name":182,"tactic":352},{"name":179},{"id":185,"name":186,"tactic":354},{"name":100},{"id":189,"name":190,"tactic":356},{"name":113},{"id":358,"name":359,"tactics":360,"countermeasures":362},"T1505.004","IIS Components",[361],{"id":205,"name":206},[363,365,367,369],{"id":176,"name":177,"tactic":364},{"name":179},{"id":181,"name":182,"tactic":366},{"name":179},{"id":185,"name":186,"tactic":368},{"name":100},{"id":189,"name":190,"tactic":370},{"name":113},{"_key":372,"id":372,"name":373,"description":374,"type":15,"status":375,"abstraction":17,"likelihood_of_exploit":9,"capec":376},"CWE-419","Unprotected Primary Channel","The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.","Draft",[377],{"id":378,"name":379,"techniques":380},"CAPEC-383","Harvesting Information via API Event Monitoring",[381],{"id":382,"name":383,"tactics":384,"countermeasures":391},"T1056.004","Credential API Hooking",[385,388],{"id":386,"name":387},"TA0100","Collection",{"id":389,"name":390},"TA0031","Credential Access",[392,394,396,398],{"id":71,"name":72,"tactic":393},{"name":53},{"id":75,"name":76,"tactic":395},{"name":53},{"id":102,"name":103,"tactic":397},{"name":100},{"id":106,"name":107,"tactic":399},{"name":100},[],[],[],[404,406,408,410,412],{"_key":405},"UBUNTU-CVE-2018-12120",{"_key":407},"SUSE-SU-2019:0117-1",{"_key":409},"SUSE-SU-2019:0395-1",{"_key":411},"MGASA-2019-0277",{"_key":413},"DEBIAN-CVE-2018-12120",[],[416,417,418],{"_key":407},{"_key":409},{"_key":411},"2018-11-28T17:00:00.000Z","2024-08-05T08:24:03.745Z","Modified",{"cisa_kev":423,"cisa_ransomware":423,"cisa_vendor":9,"epss_severity":424,"epss_score":425,"severity":426,"severity_score":427,"severity_version":428,"severity_source":429,"severity_vector":430,"severity_status":421},false,"low",0.00422,"high",8.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[432,440],{"url":433,"sources":434,"tags":436},"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",[435,429],"cve.org",[437,438,439],"X Refsource CONFIRM","Patch","Vendor Advisory",{"url":441,"sources":442,"tags":443},"http://www.securityfocus.com/bid/106040",[435,429],[444,445,446],"VDB Entry","X Refsource BID","Third Party Advisory",[],{"date":449,"score":425,"percentile":450},"2026-06-04",0.62386,[452,456,459,462,465,468,471,474,477,480,483,486,489,492,495,499,502,505,508,511,514,517,520,523,526,529,532,535,538,541,544,547,550,553,556,558,561,564,567,570,573,576,579,582,585,588,591,594,597,600,603,606,609,612,615,618,621,624,627,630,633,636,638,640,643,645,648,651,654,657,659,662,664,667,670,673,676,679,682,685,687,690,693,696,698,701,704,707,710,713],{"date":453,"score":454,"percentile":455},"2025-11-04",0.00419,0.61148,{"date":457,"score":454,"percentile":458},"2025-11-05",0.61135,{"date":460,"score":454,"percentile":461},"2025-11-06",0.61142,{"date":463,"score":454,"percentile":464},"2025-11-07",0.61156,{"date":466,"score":454,"percentile":467},"2025-11-08",0.6116,{"date":469,"score":454,"percentile":470},"2025-11-09",0.61158,{"date":472,"score":454,"percentile":473},"2025-11-10",0.61136,{"date":475,"score":454,"percentile":476},"2025-11-11",0.6115,{"date":478,"score":454,"percentile":479},"2025-11-12",0.61175,{"date":481,"score":454,"percentile":482},"2025-11-13",0.61181,{"date":484,"score":454,"percentile":485},"2025-11-14",0.61188,{"date":487,"score":454,"percentile":488},"2025-11-15",0.6118,{"date":490,"score":454,"percentile":491},"2025-11-16",0.6117,{"date":493,"score":454,"percentile":494},"2025-11-17",0.61171,{"date":496,"score":497,"percentile":498},"2025-11-18",0.00412,0.58777,{"date":500,"score":497,"percentile":501},"2025-11-19",0.58791,{"date":503,"score":497,"percentile":504},"2025-11-20",0.58781,{"date":506,"score":454,"percentile":507},"2025-11-21",0.61179,{"date":509,"score":454,"percentile":510},"2025-11-22",0.61185,{"date":512,"score":454,"percentile":513},"2025-11-23",0.61169,{"date":515,"score":454,"percentile":516},"2025-11-24",0.61166,{"date":518,"score":454,"percentile":519},"2025-11-25",0.61173,{"date":521,"score":454,"percentile":522},"2025-11-26",0.61174,{"date":524,"score":454,"percentile":525},"2025-11-27",0.61182,{"date":527,"score":454,"percentile":528},"2025-11-28",0.61163,{"date":530,"score":454,"percentile":531},"2025-11-29",0.61138,{"date":533,"score":454,"percentile":534},"2025-11-30",0.61128,{"date":536,"score":454,"percentile":537},"2025-12-01",0.61279,{"date":539,"score":454,"percentile":540},"2025-12-02",0.61294,{"date":542,"score":454,"percentile":543},"2025-12-03",0.61296,{"date":545,"score":454,"percentile":546},"2025-12-04",0.61123,{"date":548,"score":454,"percentile":549},"2025-12-05",0.61134,{"date":551,"score":454,"percentile":552},"2025-12-06",0.61131,{"date":554,"score":454,"percentile":555},"2025-12-07",0.61126,{"date":557,"score":454,"percentile":552},"2025-12-08",{"date":559,"score":454,"percentile":560},"2025-12-09",0.61168,{"date":562,"score":454,"percentile":563},"2025-12-10",0.61215,{"date":565,"score":454,"percentile":566},"2025-12-11",0.61235,{"date":568,"score":454,"percentile":569},"2025-12-12",0.61258,{"date":571,"score":454,"percentile":572},"2025-12-13",0.61261,{"date":574,"score":454,"percentile":575},"2025-12-14",0.6126,{"date":577,"score":454,"percentile":578},"2025-12-15",0.61239,{"date":580,"score":454,"percentile":581},"2025-12-16",0.61259,{"date":583,"score":454,"percentile":584},"2025-12-17",0.61277,{"date":586,"score":454,"percentile":587},"2025-12-18",0.61316,{"date":589,"score":454,"percentile":590},"2025-12-19",0.61327,{"date":592,"score":454,"percentile":593},"2025-12-20",0.61326,{"date":595,"score":454,"percentile":596},"2025-12-21",0.61312,{"date":598,"score":454,"percentile":599},"2025-12-22",0.61304,{"date":601,"score":454,"percentile":602},"2025-12-23",0.61319,{"date":604,"score":454,"percentile":605},"2025-12-24",0.6133,{"date":607,"score":454,"percentile":608},"2025-12-25",0.61363,{"date":610,"score":454,"percentile":611},"2025-12-26",0.61359,{"date":613,"score":454,"percentile":614},"2025-12-27",0.61405,{"date":616,"score":454,"percentile":617},"2025-12-28",0.61333,{"date":619,"score":454,"percentile":620},"2025-12-29",0.61328,{"date":622,"score":454,"percentile":623},"2025-12-30",0.61342,{"date":625,"score":454,"percentile":626},"2025-12-31",0.61366,{"date":628,"score":454,"percentile":629},"2026-01-01",0.61553,{"date":631,"score":454,"percentile":632},"2026-01-02",0.61541,{"date":634,"score":454,"percentile":635},"2026-01-03",0.61537,{"date":637,"score":454,"percentile":623},"2026-01-04",{"date":639,"score":454,"percentile":605},"2026-01-05",{"date":641,"score":454,"percentile":642},"2026-01-06",0.6134,{"date":644,"score":454,"percentile":608},"2026-01-07",{"date":646,"score":454,"percentile":647},"2026-01-08",0.61389,{"date":649,"score":454,"percentile":650},"2026-01-09",0.61392,{"date":652,"score":454,"percentile":653},"2026-01-10",0.61385,{"date":655,"score":454,"percentile":656},"2026-01-11",0.61368,{"date":658,"score":454,"percentile":623},"2026-01-12",{"date":660,"score":454,"percentile":661},"2026-01-13",0.6132,{"date":663,"score":454,"percentile":608},"2026-01-14",{"date":665,"score":454,"percentile":666},"2026-01-15",0.61362,{"date":668,"score":454,"percentile":669},"2026-01-16",0.6138,{"date":671,"score":454,"percentile":672},"2026-01-17",0.61373,{"date":674,"score":454,"percentile":675},"2026-01-18",0.61371,{"date":677,"score":454,"percentile":678},"2026-01-19",0.61343,{"date":680,"score":454,"percentile":681},"2026-01-20",0.61357,{"date":683,"score":454,"percentile":684},"2026-01-21",0.61364,{"date":686,"score":454,"percentile":656},"2026-01-22",{"date":688,"score":454,"percentile":689},"2026-01-23",0.61403,{"date":691,"score":454,"percentile":692},"2026-01-24",0.61409,{"date":694,"score":454,"percentile":695},"2026-01-25",0.61374,{"date":697,"score":454,"percentile":666},"2026-01-26",{"date":699,"score":454,"percentile":700},"2026-01-27",0.61367,{"date":702,"score":454,"percentile":703},"2026-01-28",0.61377,{"date":705,"score":454,"percentile":706},"2026-01-29",0.61378,{"date":708,"score":454,"percentile":709},"2026-01-30",0.61382,{"date":711,"score":454,"percentile":712},"2026-01-31",0.61386,{"date":714,"score":454,"percentile":715},"2026-02-01",0.61521,[717],{"source":429,"cvss_v2_0":718,"cvss_v3_0":9,"cvss_v3_1":723,"cvss_v4_0":9},{"baseScore":719,"baseSeverity":9,"vectorString":720,"impactScore":721,"exploitabilityScore":722},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":427,"baseSeverity":724,"vectorString":430,"impactScore":725,"exploitabilityScore":726},"HIGH",9.8,5.6,[728,741],{"ecosystem":9,"name":729,"vendor":730,"product":729,"cpe_part":731,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":732},"node.js","nodejs","a",[733],{"version":734,"is_range":735,"range_type":736,"version_start":737,"version_start_type":738,"version_end":739,"version_end_type":740,"fixed_in":9},"gte6.0.0_lt6.15.0",true,"cpe","6.0.0","including","6.15.0","excluding",{"ecosystem":9,"name":742,"vendor":743,"product":729,"cpe_part":731,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":744},"Node.js","the node.js project",[745],{"version":746,"is_range":423,"range_type":435,"version_start":746,"version_start_type":738,"version_end":746,"version_end_type":738,"fixed_in":9},"All versions prior to Node.js 6.15.0"]