Skip to main content

Incorrect Regular Expression


Severity High
Score 7.5/10


This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306.

  • LOW
  • NONE
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-185 - Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

Advisory Timeline

  • Published