CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Configurations

Configuration 1 (hide)

cpe:2.3:a:servo:idna:*:*:*:*:*:rust:*:*

History

25 Jun 2025, 15:33

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-30 02:15

Updated : 2025-06-25 15:33


NVD link : CVE-2024-12224

Mitre link : CVE-2024-12224

CVE.ORG link : CVE-2024-12224


JSON object : View

Products Affected

servo

  • idna
CWE
CWE-1289

Improper Validation of Unsafe Equivalence in Input

CWE-352

Cross-Site Request Forgery (CSRF)