CVE-2024-12224

Summary

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.

Affected Software

VendorProductVersion RangeStatus
servorust-url0 < 1.0.0affected

Weaknesses

  • CWE-1289: CWE-1289

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References