Vulnerability Details CVE-2018-6333
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-6333
-
cpe:2.3:a:facebook:nuclide:0.0.15
-
cpe:2.3:a:facebook:nuclide:0.0.16
-
cpe:2.3:a:facebook:nuclide:0.0.17
-
cpe:2.3:a:facebook:nuclide:0.0.18
-
cpe:2.3:a:facebook:nuclide:0.0.19
-
cpe:2.3:a:facebook:nuclide:0.0.20
-
cpe:2.3:a:facebook:nuclide:0.0.21
-
cpe:2.3:a:facebook:nuclide:0.0.22
-
cpe:2.3:a:facebook:nuclide:0.0.23
-
cpe:2.3:a:facebook:nuclide:0.0.24
-
cpe:2.3:a:facebook:nuclide:0.0.25
-
cpe:2.3:a:facebook:nuclide:0.0.26
-
cpe:2.3:a:facebook:nuclide:0.0.27
-
cpe:2.3:a:facebook:nuclide:0.0.28
-
cpe:2.3:a:facebook:nuclide:0.0.29
-
cpe:2.3:a:facebook:nuclide:0.0.30
-
cpe:2.3:a:facebook:nuclide:0.0.31
-
cpe:2.3:a:facebook:nuclide:0.0.32
-
cpe:2.3:a:facebook:nuclide:0.0.33
-
cpe:2.3:a:facebook:nuclide:0.0.34
-
cpe:2.3:a:facebook:nuclide:0.0.35
-
cpe:2.3:a:facebook:nuclide:0.109.0
-
cpe:2.3:a:facebook:nuclide:0.110.0
-
cpe:2.3:a:facebook:nuclide:0.111.0
-
cpe:2.3:a:facebook:nuclide:0.112.0
-
cpe:2.3:a:facebook:nuclide:0.113.0
-
cpe:2.3:a:facebook:nuclide:0.114.0
-
cpe:2.3:a:facebook:nuclide:0.115.0
-
cpe:2.3:a:facebook:nuclide:0.115.1
-
cpe:2.3:a:facebook:nuclide:0.116.0
-
cpe:2.3:a:facebook:nuclide:0.117.0
-
cpe:2.3:a:facebook:nuclide:0.118.0
-
cpe:2.3:a:facebook:nuclide:0.119.0
-
cpe:2.3:a:facebook:nuclide:0.120.0
-
cpe:2.3:a:facebook:nuclide:0.121.0
-
cpe:2.3:a:facebook:nuclide:0.122.0
-
cpe:2.3:a:facebook:nuclide:0.123.0
-
cpe:2.3:a:facebook:nuclide:0.124.0
-
cpe:2.3:a:facebook:nuclide:0.125.0
-
cpe:2.3:a:facebook:nuclide:0.126.0
-
cpe:2.3:a:facebook:nuclide:0.127.0
-
cpe:2.3:a:facebook:nuclide:0.128.0
-
cpe:2.3:a:facebook:nuclide:0.129.0
-
cpe:2.3:a:facebook:nuclide:0.130.0
-
cpe:2.3:a:facebook:nuclide:0.131.0
-
cpe:2.3:a:facebook:nuclide:0.132.0
-
cpe:2.3:a:facebook:nuclide:0.133.0
-
cpe:2.3:a:facebook:nuclide:0.134.0
-
cpe:2.3:a:facebook:nuclide:0.135.0
-
cpe:2.3:a:facebook:nuclide:0.136.0
-
cpe:2.3:a:facebook:nuclide:0.137.0
-
cpe:2.3:a:facebook:nuclide:0.138.0
-
cpe:2.3:a:facebook:nuclide:0.139.0
-
cpe:2.3:a:facebook:nuclide:0.140.0
-
cpe:2.3:a:facebook:nuclide:0.141.0
-
cpe:2.3:a:facebook:nuclide:0.145.0
-
cpe:2.3:a:facebook:nuclide:0.146.0
-
cpe:2.3:a:facebook:nuclide:0.147.0
-
cpe:2.3:a:facebook:nuclide:0.148.0
-
cpe:2.3:a:facebook:nuclide:0.150.0
-
cpe:2.3:a:facebook:nuclide:0.151.0
-
cpe:2.3:a:facebook:nuclide:0.155.0
-
cpe:2.3:a:facebook:nuclide:0.156.0
-
cpe:2.3:a:facebook:nuclide:0.157.0
-
cpe:2.3:a:facebook:nuclide:0.158.0
-
cpe:2.3:a:facebook:nuclide:0.159.0
-
cpe:2.3:a:facebook:nuclide:0.160.0
-
cpe:2.3:a:facebook:nuclide:0.161.0
-
cpe:2.3:a:facebook:nuclide:0.162.0
-
cpe:2.3:a:facebook:nuclide:0.163.0
-
cpe:2.3:a:facebook:nuclide:0.164.0
-
cpe:2.3:a:facebook:nuclide:0.165.0
-
cpe:2.3:a:facebook:nuclide:0.166.0
-
cpe:2.3:a:facebook:nuclide:0.167.0
-
cpe:2.3:a:facebook:nuclide:0.167.1
-
cpe:2.3:a:facebook:nuclide:0.168.0
-
cpe:2.3:a:facebook:nuclide:0.169.0
-
cpe:2.3:a:facebook:nuclide:0.170.0
-
cpe:2.3:a:facebook:nuclide:0.171.0
-
cpe:2.3:a:facebook:nuclide:0.172.0
-
cpe:2.3:a:facebook:nuclide:0.173.0
-
cpe:2.3:a:facebook:nuclide:0.174.0
-
cpe:2.3:a:facebook:nuclide:0.175.0
-
cpe:2.3:a:facebook:nuclide:0.176.0
-
cpe:2.3:a:facebook:nuclide:0.177.0
-
cpe:2.3:a:facebook:nuclide:0.178.0
-
cpe:2.3:a:facebook:nuclide:0.179.0
-
cpe:2.3:a:facebook:nuclide:0.180.0
-
cpe:2.3:a:facebook:nuclide:0.181.0
-
cpe:2.3:a:facebook:nuclide:0.182.0
-
cpe:2.3:a:facebook:nuclide:0.183.0
-
cpe:2.3:a:facebook:nuclide:0.184.0
-
cpe:2.3:a:facebook:nuclide:0.186.0
-
cpe:2.3:a:facebook:nuclide:0.187.0
-
cpe:2.3:a:facebook:nuclide:0.188.0
-
cpe:2.3:a:facebook:nuclide:0.189.0
-
cpe:2.3:a:facebook:nuclide:0.191.0
-
cpe:2.3:a:facebook:nuclide:0.192.0
-
cpe:2.3:a:facebook:nuclide:0.193.0
-
cpe:2.3:a:facebook:nuclide:0.194.0
-
cpe:2.3:a:facebook:nuclide:0.195.0
-
cpe:2.3:a:facebook:nuclide:0.196.0
-
cpe:2.3:a:facebook:nuclide:0.197.0
-
cpe:2.3:a:facebook:nuclide:0.198.0
-
cpe:2.3:a:facebook:nuclide:0.199.0
-
cpe:2.3:a:facebook:nuclide:0.200.0
-
cpe:2.3:a:facebook:nuclide:0.201.0
-
cpe:2.3:a:facebook:nuclide:0.202.0
-
cpe:2.3:a:facebook:nuclide:0.203.0
-
cpe:2.3:a:facebook:nuclide:0.204.0
-
cpe:2.3:a:facebook:nuclide:0.205.0
-
cpe:2.3:a:facebook:nuclide:0.206.0
-
cpe:2.3:a:facebook:nuclide:0.207.0
-
cpe:2.3:a:facebook:nuclide:0.208.0
-
cpe:2.3:a:facebook:nuclide:0.209.0
-
cpe:2.3:a:facebook:nuclide:0.210.0
-
cpe:2.3:a:facebook:nuclide:0.211.0
-
cpe:2.3:a:facebook:nuclide:0.212.0
-
cpe:2.3:a:facebook:nuclide:0.213.0
-
cpe:2.3:a:facebook:nuclide:0.214.0
-
cpe:2.3:a:facebook:nuclide:0.215.0
-
cpe:2.3:a:facebook:nuclide:0.216.0
-
cpe:2.3:a:facebook:nuclide:0.217.0
-
cpe:2.3:a:facebook:nuclide:0.218.0
-
cpe:2.3:a:facebook:nuclide:0.219.0
-
cpe:2.3:a:facebook:nuclide:0.220.0
-
cpe:2.3:a:facebook:nuclide:0.221.0
-
cpe:2.3:a:facebook:nuclide:0.222.0
-
cpe:2.3:a:facebook:nuclide:0.223.0
-
cpe:2.3:a:facebook:nuclide:0.226.0
-
cpe:2.3:a:facebook:nuclide:0.228.0
-
cpe:2.3:a:facebook:nuclide:0.229.0
-
cpe:2.3:a:facebook:nuclide:0.230.0
-
cpe:2.3:a:facebook:nuclide:0.231.0
-
cpe:2.3:a:facebook:nuclide:0.232.0
-
cpe:2.3:a:facebook:nuclide:0.233.0
-
cpe:2.3:a:facebook:nuclide:0.234.0
-
cpe:2.3:a:facebook:nuclide:0.236.0
-
cpe:2.3:a:facebook:nuclide:0.238.0
-
cpe:2.3:a:facebook:nuclide:0.239.0
-
cpe:2.3:a:facebook:nuclide:0.240.0
-
cpe:2.3:a:facebook:nuclide:0.241.0
-
cpe:2.3:a:facebook:nuclide:0.242.0
-
cpe:2.3:a:facebook:nuclide:0.243.0
-
cpe:2.3:a:facebook:nuclide:0.244.0
-
cpe:2.3:a:facebook:nuclide:0.245.0
-
cpe:2.3:a:facebook:nuclide:0.246.0
-
cpe:2.3:a:facebook:nuclide:0.247.0
-
cpe:2.3:a:facebook:nuclide:0.249.0
-
cpe:2.3:a:facebook:nuclide:0.250.0
-
cpe:2.3:a:facebook:nuclide:0.252.0
-
cpe:2.3:a:facebook:nuclide:0.254.0
-
cpe:2.3:a:facebook:nuclide:0.255.0
-
cpe:2.3:a:facebook:nuclide:0.256.0
-
cpe:2.3:a:facebook:nuclide:0.257.0
-
cpe:2.3:a:facebook:nuclide:0.258.0
-
cpe:2.3:a:facebook:nuclide:0.259.0
-
cpe:2.3:a:facebook:nuclide:0.260.0
-
cpe:2.3:a:facebook:nuclide:0.261.0
-
cpe:2.3:a:facebook:nuclide:0.262.0
-
cpe:2.3:a:facebook:nuclide:0.263.0
-
cpe:2.3:a:facebook:nuclide:0.264.0
-
cpe:2.3:a:facebook:nuclide:0.266.0
-
cpe:2.3:a:facebook:nuclide:0.267.0
-
cpe:2.3:a:facebook:nuclide:0.268.0
-
cpe:2.3:a:facebook:nuclide:0.269.0
-
cpe:2.3:a:facebook:nuclide:0.270.0
-
cpe:2.3:a:facebook:nuclide:0.271.0
-
cpe:2.3:a:facebook:nuclide:0.272.0
-
cpe:2.3:a:facebook:nuclide:0.273.0
-
cpe:2.3:a:facebook:nuclide:0.275.0
-
cpe:2.3:a:facebook:nuclide:0.277.0
-
cpe:2.3:a:facebook:nuclide:0.278.0
-
cpe:2.3:a:facebook:nuclide:0.279.0
-
cpe:2.3:a:facebook:nuclide:0.280.0
-
cpe:2.3:a:facebook:nuclide:0.282.0
-
cpe:2.3:a:facebook:nuclide:0.283.0
-
cpe:2.3:a:facebook:nuclide:0.284.0
-
cpe:2.3:a:facebook:nuclide:0.285.0
-
cpe:2.3:a:facebook:nuclide:0.286.0
-
cpe:2.3:a:facebook:nuclide:0.287.0
-
cpe:2.3:a:facebook:nuclide:0.288.0