Vulnerability in The Node.js Project

CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow r…

EPSS: 0.004 (62.4th percentile) — read the EPSS interpretation.

Affected products

The Node.js Project — versions All versions prior to Node.js 6.15.0

Weakness classification (CWE)

CWE-419 — Unprotected Primary Channel

References

nodejs.org/en/blog/vulnerability/november-2018-security-releases/ (x_refsource_CONFIRM)
106040 (vdb-entry, x_refsource_BID)