EUVD-2022-7668

Malicious code in bioql PyPI...

Denial Of Service (DoS)

github.com/ecnepsnai/web is vulnerable to denial of service. The vulnerability exists in the socketHandler function in websocket.go because the AuthenticateMethod is not called, and UserData will be nil in request methods which will attempt to read the UserDataand may result in a panic...

GHSA-JPGG-CP2X-QRW3 Duplicate Advisory: ecnepsnai/web vulnerable to Uncontrolled Resource Consumption

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gjg-jgh4-gppm. This link is maintained to preserve external references. Original Description Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if t...

Duplicate Advisory: ecnepsnai/web vulnerable to Uncontrolled Resource Consumption

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gjg-jgh4-gppm. This link is maintained to preserve external references. Original Description Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if t...

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVE-2021-4236

CVE-2021-4236 affects github.com/ecnepsnai/web. WebSockets with an AuthenticateMethod hook do not execute any AuthenticateMethod, enabling a nil pointer dereference if UserData is assumed non-nil or allowing authentication bypass. Non-WebSocket request handlers are not vulnerable. No remediation/...

GO-2022-0385

The AuthenticateMethod authentication hook is not called for WebSocket connections, allowing unauthenticated access. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not explicitly use WebSockets are not vulnerable...

GHSA-5GJG-JGH4-GPPM Websocket requests did not call AuthenticateMethod

Impact Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod. The AuthenticateMethod is not called, and UserData will be nil in request methods...

Websocket requests did not call AuthenticateMethod

Impact Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod. The AuthenticateMethod is not called, and UserData will be nil in request methods...