CVE-2018-11615
Mosca REDoS Vulnerability
7.5
HIGH
CVSS 3.1
EPSS 12.4%
Description
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system.
How to fix CVE-2018-11615
To remediate CVE-2018-11615, upgrade the affected package to a fixed version below.
- —upgrade to 2.8.2 or later
Is CVE-2018-11615 being exploited?
Moderate — EPSS is 12.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |