Vulnerability details: VCID-qtt5-1ydb-aaac
Vulnerability ID VCID-qtt5-1ydb-aaac
Aliases CVE-2018-7160
GHSA-wq4c-wm6x-jw44
Summary The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser into bypassing same-origin-policy checks and allowing HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger and get full code execution access.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-7160.html
cvssv3 5.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json
epss 0.01169 https://api.first.org/data/v1/epss?cve=CVE-2018-7160
epss 0.01571 https://api.first.org/data/v1/epss?cve=CVE-2018-7160
epss 0.0158 https://api.first.org/data/v1/epss?cve=CVE-2018-7160
epss 0.01864 https://api.first.org/data/v1/epss?cve=CVE-2018-7160
epss 0.02002 https://api.first.org/data/v1/epss?cve=CVE-2018-7160
epss 0.03260 https://api.first.org/data/v1/epss?cve=CVE-2018-7160
epss 0.57037 https://api.first.org/data/v1/epss?cve=CVE-2018-7160
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1561979
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160
cvssv3 8.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-wq4c-wm6x-jw44
cvssv3.1 8.8 https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9
generic_textual HIGH https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9
cvssv3.1 8.8 https://nodejs.org/en/blog/vulnerability/march-2018-security-releases
generic_textual HIGH https://nodejs.org/en/blog/vulnerability/march-2018-security-releases
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2018-7160
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-7160
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-7160
cvssv3.1 8.8 https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS
generic_textual HIGH https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS
cvssv3.1 5.3 https://www.oracle.com//security-alerts/cpujul2021.html
generic_textual MODERATE https://www.oracle.com//security-alerts/cpujul2021.html
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7160.json

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nodejs.org/en/blog/vulnerability/march-2018-security-releases

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-7160

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-7160

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.f5.com/csp/article/K63025104?utm_source=f5support&utm_medium=RSS

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com//security-alerts/cpujul2021.html

Exploit Prediction Scoring System (EPSS)
Percentile 0.7672
EPSS Score 0.01169
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.