Title: npm mosca Regular Expression Parsing Denial-of-Service Vulnerability

CVE ID: CVE-2018-11615
CVSS Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Affected Vendors: npm
Affected Products: mosca

Vulnerability Details:
- This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca. Authentication is not required to exploit this vulnerability.
- A crafted regular expression in the processing of topics can cause the broker to crash, enabling attackers to deny access to the target system.

Fixed Version: 2.8.2

Disclosure Timeline:
- 2018-06-01: Vulnerability reported to vendor
- 2018-06-13: Coordinated public release of advisory and advisory update

Credit: Federico "phretor" Maggi and Davide "_ocean" Quarta