Description
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith() or eventName.toString(), while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.
References
- Patch
- Patch
- Patch
- Third Party Advisory
- Patch
- Patch
- Patch
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.8.10
cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*
EPSS
Percentile: 82%
0.01785
Low
7.5 High
CVSS3
Weaknesses
CWE-241
CWE-754
Related vulnerabilities
CVSS3: 7.5
github
more than 2 years ago
Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively.