5277 matches found
CVE-2020-7662
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
DEBIAN-CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
AZL-44202 CVE-2020-7662 affecting package js-jquery 3.5.0-4
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
Design/Logic Flaw
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
Design/Logic Flaw
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
UBUNTU-CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7662
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7662
CVE-2020-7662 affects the websocket-extensions npm module prior to 0.1.4. The vulnerability arises from the extension parser, which may enter exponential/regex backtracking on a header like Sec-WebSocket-Extensions with an unclosed string containing a repeating two-byte sequence, causing a Denial...
CVE-2020-7663
The CVE-2020-7663 issue affects the ruby-websocket-extensions library (prior to 0.1.5). The parser can take quadratic time when processing a Sec-WebSocket-Extensions header containing an unclosed string parameter value with a repeating two‑byte sequence (backslash and a character), enabling Regex...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
Regular Expression Denial of Service (ReDoS)
Overview websocket-extensions is a generic extension manager for WebSocket connections. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. The EXTLIST variable within extension parser may take quadratic time when parsing literal backslash \ followed by...
Regular Expression Denial of Service (ReDoS)
Overview websocket-extensions is a Generic extension manager for WebSocket connections Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. The EXTLIST variable within extension parser may take quadratic time when parsing literal backslash \ followed by...
PT-2020-19691
Name of the Vulnerable Software and Affected Versions websocket-extensions ruby module versions prior to 0.1.5 Description The issue allows for Denial of Service DoS via Regex Backtracking. An attacker can exploit this by providing a malicious payload with the Sec-WebSocket-Extensions header,...
websocket-extensions -- ReDoS vulnerability
Changelog: Remove a ReDoS vulnerability in the header parser CVE-2020-7663...
CVE-2019-20801
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...
CVE-2019-20801
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...
Design/Logic Flaw
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...
CVE-2019-20801
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...