Skip to main content

Sockjs

2 CVEs product

Monthly

CVE-2020-7693 npm MEDIUM POC PATCH This Month

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Sockjs
NVD GitHub
CVSS 3.1
5.3
EPSS
5.0%
CVE-2020-8823 npm MEDIUM POC PATCH This Month

htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sockjs
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
EPSS 5% CVSS 5.3
MEDIUM POC PATCH This Month

Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Sockjs
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sockjs
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy