Remote Code Execution (RCE)

Vitest is vulnerable to Remote Code Execution RCE. The vulnerability is due to the WebSocket server not validating the Origin header and lacking an authorization mechanism, allowing an attacker to inject and execute arbitrary code via the saveTestFile and rerun APIs...

CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening

Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...

ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept js const http = require'http'; const WebSocket = require'ws'; const wss = new WebSocket.Server port: 0 , function const chars =...

CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

CVE-2024-28251

Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...

CVE-2024-28251

Querybook (Big Data Querying UI) exposes a cross-site websocket hijacking risk due to permissive CORS on its WebSocket Server. The issue affects datadocs functionality where the client communicates with a WebSocket Server to update/read/delete cells and monitor query execution, enabling an attack...

GHSA-HMGW-9JRG-HF2M Directus crashes on invalid WebSocket message

Summary It seems that any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. This could probably be posted as an issue and I might even be able to put together a pull request for a fix if only I had some extra time..., but I decided...

CVE-2023-1751

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which...

Authorization

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which...

CVE-2023-1751 CVE-2023-1751

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which...

CVE-2023-1751 CVE-2023-1751

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which...

SUSE CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

patrickfuller camp 安全漏洞

patrickfuller camp patrickfuller camp is a websocket-based Raspberry Pi webcam web server by the individual developer Patrick Fuller. A security vulnerability exists in patrickfuller camp commit number: bbd53a256ed70e79bd8758080936afbf6d738767, which stems from the fact that its...

Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption

Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET http-client Set-Cookie Session Cookie HTTP/2 200 OK http-server WebSocket Handshake "Sec-WebSocket-Key" websocket-client WebSocket Handshake "Sec-WebSocket-Accept"...

Mageia: Security Advisory (MGASA-2015-0010)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2022-4676 · Libexpat +2 · Libexpat +2

Name of the Vulnerable Software and Affected Versions: Prosody affected versions not specified Description: The issue is related to the implementation of the WebSocket server module for Jabber/XMPP in Prosody, which is associated with incorrect restriction of XML links to external objects. This c...

GHSA-77Q4-M83Q-W76V Missing Origin Validation in browserify-hmr

Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not validated...

Design/Logic Flaw

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...