Home > Vulnerability Database > CVE-2018-11615

Mend.io Vulnerability Database

CVE-2018-11615

Good to know:

Date: August 30, 2018

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.

Language: JS

Severity Score

7.5

Related Resources (4)

Url: https://github.com/advisories/GHSA-wqg7-vrj7-v82h

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-11615

Url: https://zerodayinitiative.com/advisories/ZDI-18-583

Url: https://www.mend.io/vulnerability-database/CVE-2018-11615

Severity Score

7.5

Weakness Type (CWE)

Incorrect Regular Expression

CWE-185

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 2.8.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-11615

Good to know:

Date: August 30, 2018

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?