CVE-2018-7160
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-7160
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不恰当地信任反向DNS
Source: NVD (National Vulnerability Database)
Vulnerability Title
Joyent Node.js inspector 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。inspector是其中的一个调试工具。 Joyent Node.js 6.x及之后版本中的inspector存在安全漏洞。远程攻击者可借助恶意的网站利用该漏洞绕过同源协议检查并通过HTTP协议连接到本地主机或本地网络上的主机,并且可能执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Node.js Project | Node.js | ^6.0.0 || ^8.0.0 || ^9.0.0 | - |
II. Public POCs for CVE-2018-7160
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-7160
请登录查看更多情报信息。
- https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/x_refsource_CONFIRM
- https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-7160
Same Patch Batch · The Node.js Project · 2018-05-17 · 3 CVEs total
| CVE-2018-7158 | Joyent Node.js path模块输入验证错误漏洞 | |
| CVE-2018-7159 | Joyent Node.js HTTP解析器输入验证错误漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-350
- CVE-2026-6874
ericc-ch copilot-api Header token dns rebinding - CVE-2026-24281
Apache ZooKeeper: Reverse-DNS fallback enables hostname veri - CVE-2026-28271
Kiteworks Core is vulnerable to Server-Side Request Forgery - CVE-2026-1490
Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - - CVE-2025-59956
AgentAPI exposed user chat history via a DNS rebinding attac
V. Comments for CVE-2018-7160
No comments yet