Is CVE-2018-11615 actively exploited?

CVE-2018-11615 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-11615?

CVE-2018-11615 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2018-11615?

Patch guidance is available from mosca project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-11615.

Which products are affected by CVE-2018-11615?

1 product: mosca project mosca.

Fix CVE-2018-11615 - HIGH mosca project mosca

Description

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-20 · Improper Input Validation CWE-185

Metadata

Primary Vendor: MOSCA_PROJECT
Published: 8/30/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

mosca_project : mosca

Remediation Guidance

Executive Summary

Cite this page

CVE-2018-11615. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2018-11615

View on NIST NVD

CVE-2018-11615 vulnerability