High severity8.8NVD Advisory· Published May 30, 2025· Updated Jun 17, 2026
CVE-2024-12224
CVE-2024-12224
Description
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
idnacrates.io | < 1.0.0 | 1.0.0 |
Affected products
187- osv-coords186 versionspkg:apk/chainguard/atuinpkg:apk/chainguard/batpkg:apk/chainguard/bat-docpkg:apk/chainguard/bergpkg:apk/chainguard/buck2pkg:apk/chainguard/cargo-auditpkg:apk/chainguard/cargo-audit-docpkg:apk/chainguard/convcopkg:apk/chainguard/denopkg:apk/chainguard/fnmpkg:apk/chainguard/geckodriverpkg:apk/chainguard/helixpkg:apk/chainguard/kdashpkg:apk/chainguard/libwasmtimepkg:apk/chainguard/linkerd2pkg:apk/chainguard/linkerd2-clipkg:apk/chainguard/linkerd2-controllerpkg:apk/chainguard/linkerd2-controller-compatpkg:apk/chainguard/linkerd2-debugpkg:apk/chainguard/linkerd2-metrics-apipkg:apk/chainguard/linkerd2-metrics-api-compatpkg:apk/chainguard/linkerd2-policy-controllerpkg:apk/chainguard/linkerd2-policy-controller-compatpkg:apk/chainguard/linkerd2-proxypkg:apk/chainguard/linkerd2-proxy-identitypkg:apk/chainguard/linkerd2-tappkg:apk/chainguard/linkerd2-tap-compatpkg:apk/chainguard/linkerd2-webpkg:apk/chainguard/lycheepkg:apk/chainguard/netavarkpkg:apk/chainguard/nushellpkg:apk/chainguard/nushell-pluginspkg:apk/chainguard/orandapkg:apk/chainguard/parseablepkg:apk/chainguard/pixipkg:apk/chainguard/pixi-compatpkg:apk/chainguard/qdrantpkg:apk/chainguard/rust-analyzerpkg:apk/chainguard/rustuppkg:apk/chainguard/ryepkg:apk/chainguard/samplypkg:apk/chainguard/sccachepkg:apk/chainguard/sdp-device-id-servicepkg:apk/chainguard/sdp-identity-servicepkg:apk/chainguard/sdp-k8s-injectorpkg:apk/chainguard/shadowsocks-rustpkg:apk/chainguard/shadowsocks-rust-sslocalpkg:apk/chainguard/shadowsocks-rust-ssmanagerpkg:apk/chainguard/shadowsocks-rust-ssserverpkg:apk/chainguard/shadowsocks-rust-ssservicepkg:apk/chainguard/shadowsocks-rust-ssurlpkg:apk/chainguard/starshippkg:apk/chainguard/tealdeerpkg:apk/chainguard/wadmpkg:apk/chainguard/washpkg:apk/chainguard/wasmcloudpkg:apk/chainguard/wasmtimepkg:apk/chainguard/wasmtime-devpkg:apk/chainguard/wizerpkg:apk/chainguard/xhpkg:apk/chainguard/zellijpkg:apk/chainguard/zellij-bash-completionpkg:apk/chainguard/zellij-fish-completionpkg:apk/chainguard/zellij-zsh-completionpkg:apk/chainguard/ztunnel-1.24pkg:apk/chainguard/ztunnel-1.24-compatpkg:apk/chainguard/ztunnel-fips-1.24pkg:apk/chainguard/ztunnel-fips-1.24-compatpkg:apk/wolfi/atuinpkg:apk/wolfi/batpkg:apk/wolfi/bat-docpkg:apk/wolfi/bergpkg:apk/wolfi/buck2pkg:apk/wolfi/cargo-auditpkg:apk/wolfi/cargo-audit-docpkg:apk/wolfi/convcopkg:apk/wolfi/denopkg:apk/wolfi/geckodriverpkg:apk/wolfi/helixpkg:apk/wolfi/kdashpkg:apk/wolfi/libwasmtimepkg:apk/wolfi/linkerd2pkg:apk/wolfi/linkerd2-clipkg:apk/wolfi/linkerd2-controllerpkg:apk/wolfi/linkerd2-controller-compatpkg:apk/wolfi/linkerd2-debugpkg:apk/wolfi/linkerd2-metrics-apipkg:apk/wolfi/linkerd2-metrics-api-compatpkg:apk/wolfi/linkerd2-policy-controllerpkg:apk/wolfi/linkerd2-policy-controller-compatpkg:apk/wolfi/linkerd2-proxypkg:apk/wolfi/linkerd2-proxy-identitypkg:apk/wolfi/linkerd2-tappkg:apk/wolfi/linkerd2-tap-compatpkg:apk/wolfi/linkerd2-webpkg:apk/wolfi/lycheepkg:apk/wolfi/netavarkpkg:apk/wolfi/nushellpkg:apk/wolfi/nushell-pluginspkg:apk/wolfi/orandapkg:apk/wolfi/parseablepkg:apk/wolfi/pixipkg:apk/wolfi/pixi-compatpkg:apk/wolfi/qdrantpkg:apk/wolfi/rust-analyzerpkg:apk/wolfi/rustuppkg:apk/wolfi/ryepkg:apk/wolfi/samplypkg:apk/wolfi/sccachepkg:apk/wolfi/sdp-device-id-servicepkg:apk/wolfi/sdp-identity-servicepkg:apk/wolfi/sdp-k8s-injectorpkg:apk/wolfi/shadowsocks-rustpkg:apk/wolfi/shadowsocks-rust-sslocalpkg:apk/wolfi/shadowsocks-rust-ssmanagerpkg:apk/wolfi/shadowsocks-rust-ssserverpkg:apk/wolfi/shadowsocks-rust-ssservicepkg:apk/wolfi/shadowsocks-rust-ssurlpkg:apk/wolfi/starshippkg:apk/wolfi/tealdeerpkg:apk/wolfi/wadmpkg:apk/wolfi/washpkg:apk/wolfi/wasmcloudpkg:apk/wolfi/wasmtimepkg:apk/wolfi/wasmtime-devpkg:apk/wolfi/wizerpkg:apk/wolfi/xhpkg:apk/wolfi/zellijpkg:apk/wolfi/zellij-bash-completionpkg:apk/wolfi/zellij-fish-completionpkg:apk/wolfi/zellij-zsh-completionpkg:apk/wolfi/ztunnel-1.24pkg:apk/wolfi/ztunnel-1.24-compatpkg:cargo/idnapkg:rpm/opensuse/afterburn&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/aws-nitro-enclaves-cli&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cargo-audit&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cargo-c&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cargo-c&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/librsvg&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/librsvg&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/python-nh3&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-selenium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rav1e&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rust-keylime&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rustup&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rustup&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/sccache&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/sccache&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/sevctl&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/snpguest&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/aws-nitro-enclaves-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/aws-nitro-enclaves-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/aws-nitro-enclaves-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/aws-nitro-enclaves-cli&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/cargo-c&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/cargo-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/librsvg&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/rav1e&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/rav1e&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/rustup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/rustup&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/sccache&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/sevctl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6pkg:rpm/suse/sevctl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/sevctl&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/sevctl&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/snpguest&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6pkg:rpm/suse/snpguest&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
< 18.4.0-r0+ 185 more
- (no CPE)range: < 18.4.0-r0
- (no CPE)range: < 0.24.0-r5
- (no CPE)range: < 0.24.0-r5
- (no CPE)range: < 0.4.7-r0
- (no CPE)range: < 20250102-r3
- (no CPE)range: < 0.21.0-r3
- (no CPE)range: < 0.21.0-r3
- (no CPE)range: < 0.6.2-r0
- (no CPE)range: < 2.1.3-r0
- (no CPE)range: < 1.38.1-r4
- (no CPE)range: < 0.35.0-r1
- (no CPE)range: < 25.01-r0
- (no CPE)range: < 0.6.1-r4
- (no CPE)range: < 28.0.0-r0
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 2.272.0-r0
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 0.23.0-r0
- (no CPE)range: < 1.17.0-r0
- (no CPE)range: < 0.101.0-r0
- (no CPE)range: < 0.101.0-r0
- (no CPE)range: < 0.6.5-r2
- (no CPE)range: < 2.5.5-r0
- (no CPE)range: < 0.39.4-r0
- (no CPE)range: < 0.39.4-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 20251103-r0
- (no CPE)range: < 1.27.1-r4
- (no CPE)range: < 0.43.0-r1
- (no CPE)range: < 0.13.1-r5
- (no CPE)range: < 0.9.0-r1
- (no CPE)range: < 1.3.6-r1
- (no CPE)range: < 1.3.6-r1
- (no CPE)range: < 1.3.6-r1
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.1-r1
- (no CPE)range: < 1.8.0-r0
- (no CPE)range: < 0.19.0-r0
- (no CPE)range: < 0.38.0-r0
- (no CPE)range: < 1.5.0-r0
- (no CPE)range: < 28.0.0-r0
- (no CPE)range: < 28.0.0-r0
- (no CPE)range: < 7.0.5-r4
- (no CPE)range: < 0.24.0-r0
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 1.24.2-r1
- (no CPE)range: < 1.24.2-r1
- (no CPE)range: < 1.24.2-r2
- (no CPE)range: < 1.24.2-r2
- (no CPE)range: < 18.4.0-r0
- (no CPE)range: < 0.24.0-r5
- (no CPE)range: < 0.24.0-r5
- (no CPE)range: < 0.4.7-r0
- (no CPE)range: < 20250102-r3
- (no CPE)range: < 0.21.0-r3
- (no CPE)range: < 0.21.0-r3
- (no CPE)range: < 0.6.2-r0
- (no CPE)range: < 2.1.3-r0
- (no CPE)range: < 0.35.0-r1
- (no CPE)range: < 25.01-r0
- (no CPE)range: < 0.6.1-r4
- (no CPE)range: < 28.0.0-r0
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 2.272.0-r0
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 24.11.8-r1
- (no CPE)range: < 0.23.0-r0
- (no CPE)range: < 1.17.0-r0
- (no CPE)range: < 0.101.0-r0
- (no CPE)range: < 0.101.0-r0
- (no CPE)range: < 0.6.5-r2
- (no CPE)range: < 2.5.5-r0
- (no CPE)range: < 0.39.4-r0
- (no CPE)range: < 0.39.4-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 20251103-r0
- (no CPE)range: < 1.27.1-r4
- (no CPE)range: < 0.43.0-r1
- (no CPE)range: < 0.13.1-r5
- (no CPE)range: < 0.9.0-r1
- (no CPE)range: < 1.3.6-r1
- (no CPE)range: < 1.3.6-r1
- (no CPE)range: < 1.3.6-r1
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.2-r3
- (no CPE)range: < 1.21.1-r1
- (no CPE)range: < 1.8.0-r0
- (no CPE)range: < 0.19.0-r0
- (no CPE)range: < 0.38.0-r0
- (no CPE)range: < 1.5.0-r0
- (no CPE)range: < 28.0.0-r0
- (no CPE)range: < 28.0.0-r0
- (no CPE)range: < 7.0.5-r4
- (no CPE)range: < 0.24.0-r0
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 0.41.2-r2
- (no CPE)range: < 1.24.2-r1
- (no CPE)range: < 1.24.2-r1
- (no CPE)range: < 1.0.0
- (no CPE)range: < 5.9.0.git21.a73f509-2.1
- (no CPE)range: < 1.4.2~git0.6e8512e-150600.10.6.1
- (no CPE)range: < 0.21.2~git0.18e58c2-2.1
- (no CPE)range: < 0.10.15-160000.1.1
- (no CPE)range: < 0.10.3~git0.ee7d7ef-4.1
- (no CPE)range: < 2.57.4-150600.3.3.1
- (no CPE)range: < 2.60.2-160000.1.1
- (no CPE)range: < 0.2.17-2.1
- (no CPE)range: < 4.25.0-5.1
- (no CPE)range: < 0.6.6-150600.3.3.1
- (no CPE)range: < 0.2.7+70-2.1
- (no CPE)range: < 1.26.0~0-150600.10.7.1
- (no CPE)range: < 1.28.2~0-1.1
- (no CPE)range: < 0.4.2~4-150600.10.3.1
- (no CPE)range: < 0.12.0~1-1.1
- (no CPE)range: < 0.4.3-150600.4.3.1
- (no CPE)range: < 0.3.2-150600.3.6.1
- (no CPE)range: < 5.9.0.git21.a73f509-150300.3.5.1
- (no CPE)range: < 5.9.0.git21.a73f509-150400.3.3.1
- (no CPE)range: < 5.9.0.git21.a73f509-150400.3.3.1
- (no CPE)range: < 5.9.0.git21.a73f509-150500.3.3.1
- (no CPE)range: < 1.4.2~git0.6e8512e-150400.3.9.1
- (no CPE)range: < 1.4.2~git0.6e8512e-150400.3.9.1
- (no CPE)range: < 1.4.2~git0.6e8512e-150600.10.6.1
- (no CPE)range: < 1.4.2~git0.6e8512e-150600.10.6.1
- (no CPE)range: < 0.10.15-160000.1.1
- (no CPE)range: < 0.10.15-160000.1.1
- (no CPE)range: < 2.52.12-150400.3.9.1
- (no CPE)range: < 2.52.12-150400.3.9.1
- (no CPE)range: < 2.52.12-150400.3.9.1
- (no CPE)range: < 2.57.4-150600.3.3.1
- (no CPE)range: < 2.57.4-150600.3.3.1
- (no CPE)range: < 2.60.2-160000.1.1
- (no CPE)range: < 2.60.2-160000.1.1
- (no CPE)range: < 2.60.2-160000.1.1
- (no CPE)range: < 0.6.6-150600.3.3.1
- (no CPE)range: < 0.6.6-150600.3.3.1
- (no CPE)range: < 0.2.7+141-150400.3.7.1
- (no CPE)range: < 0.2.7+141-150400.3.5.1
- (no CPE)range: < 0.2.7+141-150500.3.5.1
- (no CPE)range: < 0.2.7+70-1.1
- (no CPE)range: < 0.2.8+12-slfo.1.1_1.1
- (no CPE)range: < 1.26.0~0-150600.10.7.1
- (no CPE)range: < 1.26.0~0-150600.10.7.1
- (no CPE)range: < 0.4.2~4-150600.10.3.1
- (no CPE)range: < 0.4.2~4-150600.10.3.1
- (no CPE)range: < 0.4.3-150600.4.3.1
- (no CPE)range: < 0.6.0-150700.3.3.1
- (no CPE)range: < 0.4.3-3.1
- (no CPE)range: < 0.4.3-slfo.1.1_3.1
- (no CPE)range: < 0.3.2-150600.3.6.1
- (no CPE)range: < 0.10.0-150700.3.3.1
- servo/rust-urlv5Range: 0
Patches
Vulnerability mechanics
References
4- bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingWEB
- github.com/advisories/GHSA-h97m-ww89-6jmqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-12224ghsaADVISORY
- rustsec.org/advisories/RUSTSEC-2024-0421.htmlnvdThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.