{"id":"CVE-2024-12224","details":"Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.","aliases":["GHSA-h97m-ww89-6jmq","RUSTSEC-2024-0421"],"modified":"2026-04-02T17:30:50.968218Z","published":"2025-05-30T02:15:19.670Z","related":["CGA-vqcf-23pj-f75j","SUSE-RU-2025:02203-1","SUSE-RU-2025:02204-1","SUSE-SU-2025:02586-1","SUSE-SU-2025:02587-1","SUSE-SU-2025:02768-1","SUSE-SU-2025:02809-1","SUSE-SU-2025:02810-1","SUSE-SU-2025:02811-1","SUSE-SU-2025:03298-1","SUSE-SU-2025:03306-1","SUSE-SU-2025:03307-1","SUSE-SU-2025:03445-1","SUSE-SU-2025:20491-1","SUSE-SU-2025:20716-1","SUSE-SU-2025:20783-1","SUSE-SU-2025:20858-1","SUSE-SU-2025:3783-1","SUSE-SU-2025:3784-1","SUSE-SU-2025:3785-1","SUSE-SU-2025:3786-1","SUSE-SU-2025:4411-1","SUSE-SU-2026:0243-1","SUSE-SU-2026:0620-1","SUSE-SU-2026:20096-1","SUSE-SU-2026:20755-1","SUSE-SU-2026:20910-1","openSUSE-SU-2025:15201-1","openSUSE-SU-2025:15202-1","openSUSE-SU-2025:15294-1","openSUSE-SU-2025:15353-1","openSUSE-SU-2025:15550-1","openSUSE-SU-2025:15551-1","openSUSE-SU-2025:15588-1","openSUSE-SU-2025:15656-1","openSUSE-SU-2026:20060-1","openSUSE-SU-2026:20396-1"],"references":[{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0421.html"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-12224.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}