Описание
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mosca_project:mosca:2.8.1:*:*:*:*:node.js:*:*
EPSS
Процентиль: 94%
0.12358
Средний
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-20
CWE-185
Связанные уязвимости
EPSS
Процентиль: 94%
0.12358
Средний
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
CWE-20
CWE-185