Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-6333
Modified
More InfoOfficial Page
Source-cve-assign@fb.com
View Known Exploited Vulnerability (KEV) details
Published At-31 Dec, 2018 | 23:29
Updated At-06 May, 2025 | 15:15

The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Facebook
facebook
>>nuclide>>Versions before 0.290.0(exclusive)
cpe:2.3:a:facebook:nuclide:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Secondarycve-assign@fb.com
CWE-20Primarynvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/facebook/nuclide/commit/65f6bbd683404be1bb569b8d1be84b5d4c74a324cve-assign@fb.com
Patch
Third Party Advisory
https://github.com/facebook/nuclide/commit/65f6bbd683404be1bb569b8d1be84b5d4c74a324af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
Change History
0Changes found

Details not found