CVE-2018-7158

Name of the Vulnerable Software and Affected Versions Node.js versions 4.x

Description The issue concerns a potential regular expression denial of service (ReDoS) vector in the 'path' module. This module is used for various path parsing functions, including path.dirname(), path.extname(), and path.parse(). An attacker can craft a string that, when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.

Recommendations For Node.js versions 4.x, consider upgrading to Node.js 6.x or later, as the code in question was replaced in these versions, resolving the issue. As a temporary workaround, consider restricting the use of the 'path' module or the specific functions path.dirname(), path.extname(), and path.parse() to minimize the risk of exploitation.