Lucene search
+L

4 matches found

Snyk
Snyk
added 2026/06/19 1:53 p.m.7 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the WebsocketToken handler and the WebSocket upgrader process. An attacker can access sensitive session state and resource information by obtaining a CSRF token from an unauthenticated...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 12:47 a.m.7 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the WebSocket upgrader process. An attacker can gain unauthorized interactive shell access to containers by initiating a WebSocket connection from a same-site origin that carries the victim's valid...

9.6CVSS5.8AI score0.00195EPSS
Exploits1References2
Veracode
Veracode
added 2025/09/08 8:9 a.m.7 views

Cross-Site WebSocket Hijacking (CSWSH)

github.com/komari-monitor/komari is vulnerable to Cross-Site WebSocket Hijacking CSWSH. The vulnerability is due to disabled origin checking in the WebSocket upgrader, which allows an attacker to send malicious requests using a victim’s browser cookies and achieve remote code execution...

8.6CVSS7.3AI score0.00515EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/12/22 12:0 a.m.36 views

destiny.gg chat 跨站请求伪造漏洞

destiny.gg chat is destiny.gg open source a destin.gg chat backend. destiny.gg chat suffers from a cross-site request forgery vulnerability that stems from a problem with the function websocket.Upgrader in the file main.go, which could lead to cross-site request forgery...

8.8CVSS7.5AI score0.00343EPSS
Exploits0References4
Rows per page
Query Builder