8.8
CWE: 290, 20, 350

CVE-2018-7160: Input Validation

First published: Thu Mar 08 2018

## Withdrawn Advisory

This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the [legacy debugger](https://nodejs.org/en/docs/inspector#legacy-debugger) at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a [supported ecosystem](https://github.com/github/advisory-database/blob/main/README.md#supported-ecosystems).

## Original Description

The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or on another computer with network access to the computer running the Node.js process.

A malicious website could use a DNS rebinding attack to trick the web browser into bypassing same-origin-policy checks and allowing HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger and get full code execution access.
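A standard defence against the DNS rebinding described above is for the listening service to reject any request whose `Host` header is a DNS name other than localhost. The following is an added example, not code from this page or from the Node.js project; the function names and sample headers are constructed for illustration.

```javascript
// Added example: Host-header allowlist for a loopback debug/admin HTTP endpoint.
// All function names and sample headers are constructed for illustration.

// Split "host[:port]" or "[v6-literal][:port]"; return lower-cased host or null.
function parseHost(header) {
  if (typeof header !== 'string' || header.length === 0 || header.length > 255) return null;
  const m = /^(\[[0-9a-f:.]+\]|[^:\[\]\s\/@]+)(?::(\d{1,5}))?$/i.exec(header);
  if (!m) return null;
  if (m[2] !== undefined && Number(m[2]) > 65535) return null;
  return m[1].toLowerCase();
}

// Strict dotted-quad check: four decimal octets, no leading zeros, each <= 255.
function isIPv4Literal(host) {
  const parts = host.split('.');
  return parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// A rebinding page reaches the port through a DNS name it controls, and the
// browser puts that name in Host. IP literals and "localhost" are not subject
// to attacker-controlled DNS answers, so only those are accepted.
function isAllowedHost(header) {
  const host = parseHost(header);
  if (host === null) return false;
  if (host.startsWith('[')) return true; // bracketed IPv6 literal
  if (isIPv4Literal(host)) return true;
  return host === 'localhost' || host === 'localhost6';
}

// Decide the HTTP status before any debugger/WebSocket upgrade is honoured.
function statusFor(headers) {
  return isAllowedHost(headers.host) ? 200 : 400;
}

// Constructed sample Host headers.
const samples = ['localhost:9229', '127.0.0.1:9229', '[::1]:9229',
  'rebind.attacker.example:9229', '127.0.0.1.attacker.example:9229'];
for (const h of samples) console.log(h.padEnd(34), statusFor({ host: h }));
```

The check has to run on every HTTP request and WebSocket upgrade, because the rebound name resolves to the same socket a legitimate local client would use.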

Credit: cve-request@iojs.org

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| npm/node-inspector | >=6.0 | |
| redhat/rh-nodejs8-nodejs | <0:8.11.4-1.el7 | 0:8.11.4-1.el7 |
| redhat/nodejs | <8.11.0 | 8.11.0 |
| redhat/nodejs | <6.14.0 | 6.14.0 |
| redhat/nodejs | <9.10.0 | 9.10.0 |
| Langgenius Dify Node.js | >=6.0.0 <=6.8.1 | |
| Langgenius Dify Node.js | >=6.9.0 <6.14.0 | |
| Langgenius Dify Node.js | >=8.0.0 <=8.8.1 | |
| Langgenius Dify Node.js | >=8.9.0 <8.11.0 | |
| Langgenius Dify Node.js | >=9.0.0 <9.10.0 | |


Frequently Asked Questions

  • What is the severity of CVE-2018-7160?

    CVE-2018-7160 is categorized as a low severity vulnerability.

  • How do I fix CVE-2018-7160?

    To fix CVE-2018-7160, ensure you are using a version of node-inspector that is below 6.0 or update to a version that addresses the vulnerability.

  • Which versions of Node.js are affected by CVE-2018-7160?

    CVE-2018-7160 affects Node.js versions between 6.0.0 and 8.11.0.

  • Is CVE-2018-7160 still a current threat?

    CVE-2018-7160 has been withdrawn, indicating it may no longer pose a threat as initially believed.

  • What component of Node.js does CVE-2018-7160 affect?

    CVE-2018-7160 affects the inspector code in Node.js.

© 2025 SecAlerts Pty Ltd.