Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-11615 Vulnerability in npm package mosca

Description

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.

Remediation

References

https://zerodayinitiative.com/advisories/ZDI-18-583

Related Vulnerabilities

CVE-2020-15366 Vulnerability in maven package org.webjars.npm:ajv

CVE-2021-23424 Vulnerability in npm package ansi-html

CVE-2018-20676 Vulnerability in maven package org.webjars.bower:bootstrap-sass

CVE-2022-41940 Vulnerability in maven package org.webjars.bower:engine.io

CVE-2016-6796 Vulnerability in maven package org.apache.tomcat:tomcat-jasper

Severity

High

Classification

CWE-185 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory VDB Entry