Vulnerability in The Node.js Project
CVE-2018-7160
The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another…
EPSS: 0.015 (81.5th percentile)
Affected products
- The Node.js Project — versions ^6.0.0 || ^8.0.0 || ^9.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- www.oracle.com//security-alerts/cpujul2021.html (x_refsource_MISC)
- nodejs.org/en/blog/vulnerability/march-2018-security-releases/ (x_refsource_CONFIRM)
- support.f5.com/csp/article/K63025104 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2018-7160?
  - CVE-2018-7160 is a vulnerability in The Node.js Project, classified under CWE-350. Published 2018-05-17.
- Is CVE-2018-7160 known to be exploited?
  - 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.