CVE-2018-11615

HIGH7.5EPSS 12.4%

Mosca REDoS Vulnerability

Published: 8/31/2018Modified: 11/8/2023

Description

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system.

Affected packages (1)

npm/moscafrom 0, < 2.8.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (3)

ADVISORYhttps://github.com/advisories/GHSA-wqg7-vrj7-v82h
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-11615
WEBhttps://zerodayinitiative.com/advisories/ZDI-18-583