How severe is CVE-2018-7158?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2018-7158?

This is classified as CWE-185, which is a common weakness in software security.

CVE-2018-7158

HIGH Year: 2018

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-185

View all →

Vulnerability Description

The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.

CVE-2018-20801

HIGH

CVSS:7.5(High)

In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka...

CWE-1852018

CVE-2019-14993

HIGH

CVSS:7.5(High)

Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding A...

CWE-1852019

CVE-2025-20139

HIGH

CVSS:7.5(High)

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is ...

CWE-1852025

CVE-2018-17984

HIGH

CVSS:7.8(High)

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have loca...

CWE-1852018

CVE-2020-7929

MEDIUM

CVSS:6.5(Medium)

A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 ...

CWE-1852020

CVE-2020-3408

HIGH

CVSS:8.6(High)

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of...

CWE-1852020

CVE-2018-7158

Vulnerability Description

Related Vulnerabilities

CVE-2018-20801

CVE-2019-14993

CVE-2025-20139

CVE-2018-17984

CVE-2020-7929

CVE-2020-3408