2 matches found
GHSA-C9G6-9335-X697 Improper Input Validation in SocksJS-Node
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20...
GHSA-HH8V-JMH3-9437 Cross-site scripting in SocksJS-node
htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c aka callback parameter...