Candidate: CVE-2018-7160
PublicDate: 2018-05-17 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7160
Description:
 The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding
 attack which could be exploited to perform remote code execution. An attack
 is possible from malicious websites open in a web browser on the same
 computer, or another computer with network access to the computer running
 the Node.js process. A malicious website could use a DNS rebinding attack
 to trick the web browser to bypass same-origin-policy checks and to allow
 HTTP connections to localhost or to hosts on the local network. If a
 Node.js process with the debug port active is running on localhost or on a
 host on the local network, the malicious website could connect to it as a
 debugger, and get full code execution access.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_nodejs:
upstream_nodejs: released (8.11.1~dfsg-2)
precise/esm_nodejs: DNE
trusty_nodejs: not-affected (code not present)
trusty/esm_nodejs: not-affected (code not present)
xenial_nodejs: not-affected (code not present)
artful_nodejs: ignored (reached end-of-life)
bionic_nodejs: needed
cosmic_nodejs: not-affected (8.11.2~dfsg-1)
disco_nodejs: not-affected (8.11.2~dfsg-1)
eoan_nodejs: not-affected (8.11.2~dfsg-1)
focal_nodejs: not-affected (8.11.2~dfsg-1)
groovy_nodejs: not-affected (8.11.2~dfsg-1)
hirsute_nodejs: not-affected (8.11.2~dfsg-1)
impish_nodejs: not-affected (8.11.2~dfsg-1)
jammy_nodejs: not-affected (8.11.2~dfsg-1)
devel_nodejs: not-affected (8.11.2~dfsg-1)