GitHub Advisory DatabaseGHSA-HHR9-RH25-HVF9Feathers socket handler allows abusing implicit toString
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
29.6%
Impact
Feathers socket handler did not catch invalid string conversion errors like:
const message = `${{ toString: '' }}`
Causing the NodeJS process to crash when sending an unexpected Socket.io message like
socket.emit('find', { toString: '' })
Patches
A fix has been released in
v5.0.8via #3241v4.5.18via #3242
Workarounds
Since it is in the core Socket handling code upgrading to the latest version is necessary.
References
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| @feathersjs/transport-commons | le | 5.0.7 | |
| @feathersjs/transport-commons | le | 4.5.17 | |
| @feathersjs/socketio | le | 5.0.7 | |
| @feathersjs/socketio | le | 4.5.17 |
References
github.com/advisories/GHSA-hhr9-rh25-hvf9
github.com/feathersjs/feathers/blob/crow/CHANGELOG.md#4518-2023-07-19
github.com/feathersjs/feathers/blob/dove/CHANGELOG.md#508-2023-07-19
github.com/feathersjs/feathers/commit/0b9a6b19b12ad05934e4c8bd9917448ed39d1ed8
github.com/feathersjs/feathers/commit/c397ab3a0cd184044ae4f73540549b30a396821c
github.com/feathersjs/feathers/pull/3241
github.com/feathersjs/feathers/pull/3242
github.com/feathersjs/feathers/security/advisories/GHSA-hhr9-rh25-hvf9
nvd.nist.gov/vuln/detail/CVE-2023-37899
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
29.6%