ALPINE-CVE-2018-7160

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2018-7160
Published: 17 May 2018, 14:29
Last modified:03 Dec 2025, 22:43

Vulnerability Summary

Overall Risk (default)
medium
35/100
CVSS Score
8.8 HIGH
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

17 May 2018, 14:29
Published
Vulnerability first disclosed
03 Dec 2025, 22:43
Last Modified
Vulnerability information updated

Description

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

CVSS Metrics

  • v3.1HIGHScore: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Systems

  • alpinenodejs

    < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0 | < 8.11.0-r0

References (1)