Regular expression denial of service vulnerability in Node.js - CVE-2018-7158ID: oval:org.secpod.oval:def:96753 | Date: (C)2024-01-12 (M)2024-05-22 |
Class: VULNERABILITY | Family: windows |
The host is installed with Node.js 4.x before 4.9.0 and is prone to a regular expression denial of service vulnerability. A flaw is present in the application which fails to handle the regular expression, splitPathRe, used within the 'path' module for the various path parsing functions. Successful exploitation allows an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.
Platform: |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 7 |
Microsoft Windows 10 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |