CVE-2020-7662

Published: 02/06/2020 Updated: 23/12/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The websocket-extensions npm module before 0.1.4 allows Denial of Service (DoS) via regex backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by a malicious user to conduct Regex Denial of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
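For servers that cannot move to 0.1.4 immediately, the header can be screened in a single linear pass before it reaches the extension parser. The following is an added example, not code from the websocket-extensions project; the function name `checkExtensionsHeader` and the 1024-character cap are assumptions.

```javascript
// Added example: linear-time pre-check for a Sec-WebSocket-Extensions value.
// It rejects the header shape described above (a quoted parameter value that
// is never closed) without using any regular expression.
const MAX_HEADER_LENGTH = 1024; // assumed cap, tune per deployment

function checkExtensionsHeader(value) {
  if (typeof value !== 'string') return { ok: false, reason: 'not-a-string' };
  if (value.length > MAX_HEADER_LENGTH) return { ok: false, reason: 'too-long' };

  let inQuotes = false;
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (!inQuotes) {
      if (ch === '"') inQuotes = true;          // start of a quoted value
    } else if (ch === '\\') {
      // Backslash escapes the next character inside a quoted string.
      if (i + 1 >= value.length) return { ok: false, reason: 'dangling-escape' };
      i++;                                       // skip the escaped character
    } else if (ch === '"') {
      inQuotes = false;                          // properly closed
    }
  }
  return inQuotes
    ? { ok: false, reason: 'unclosed-quoted-string' }
    : { ok: true, reason: null };
}

// Constructed sample values (not captured traffic).
const samples = [
  'permessage-deflate; client_max_window_bits',
  'x-ext; param="quoted \\"value\\""',
  'x-ext; param="' + '\\a'.repeat(8),            // unclosed, backslash pairs
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', checkExtensionsHeader(s).reason || 'ok');
}
```

A request whose header fails the check can be rejected with a 400 before the WebSocket handshake code runs.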

Vulnerable Product

websocket-extensions project websocket-extensions

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh 10 servicemesh-grafana security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-grafana is now available for OpenShift Service Mesh 10. Red Hat Product Security has rated this update as having a security impact of Importan ...
Synopsis: Important: Red Hat OpenShift Service Mesh servicemesh-grafana security update. Type/Severity: Security Advisory: Important. Topic: An update for servicemesh-grafana is now available for OpenShift Service Mesh 11. Red Hat Product Security has rated this update as having a security impact of Importan ...
Synopsis: Moderate: OpenShift Container Platform 461 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 46. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...