PT-2018-10699 · Npm · Mosca
Davide Quarta +3 · Published 2018-06-13 · Updated 2019-10-09 · CVE-2018-11615
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
npm mosca version 2.8.1
Description
This issue allows remote attackers to deny service on vulnerable installations. Authentication is not required to exploit this issue. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash, allowing an attacker to deny access to the target system.
Recommendations
For npm mosca version 2.8.1, update to a version that fixes the regular expression parsing issue to prevent denial-of-service attacks. As a temporary workaround, consider restricting access to the topic processing functionality until a patch is available.
Fix
RCE
Related identifiers
Affected products
Mosca