Lucene search
+L

4 matches found

Hacker One
Hacker One
added 2022/04/12 12:53 a.m.90 views

Reddit: Regular Expression Denial of Service vulnerability

Summary: The vulnerability I have found is classified as a Regular Expression Denial of Service. While inspecting the source code file RealtimeGQLSubscriptionAsync.js I came across the nodemodule subscriptions-transport-ws See Screenshot 1. The search result of the subscriptions-transport-ws...

5CVSS2AI score0.02821EPSS
Exploits1
Node.js
Node.js
added 2021/05/28 7:31 p.m.83 views

Regular Expression Denial of Service

Overview In ws before versions 5.2.3, 6.2.2 and 7.4.6 there is a ReDOS vulnerability. Impact A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Proof of concept js for const length of 1000, 2000, 4000, 8000, 16000, 32000 const value ...

5CVSS1.9AI score0.02821EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2021/05/28 7:19 p.m.6 views

@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +163 more potentially affected by CVE-2021-32640 via ws (>=5.0.0 <=5.2.2)

ws NPM version =5.0.0, =0.1.2, =0.3.7, =0.1.8, =1.0.0, =1.0.0, =1.0.17-beta, =1.3.6, =0.1.0, =3.0.0, =3.0.0, =1.0.21, =1.0.27 and more Source cves: CVE-2021-32640 Source advisory: OSV:GHSA-6FC8-4GX4-V693...

5.3CVSS6.4AI score0.02821EPSS
Exploits1
CVE
CVE
added 2021/05/25 6:25 p.m.221 views

CVE-2021-32640

CVE-2021-32640 affects the Node.js ws library. A specially crafted value in the Sec-Websocket-Protocol header can be used to significantly slow down a ws server (resource consumption). The issue is fixed in [email protected]. In vulnerable versions, mitigation includes reducing the maximum length of HTTP ...

5.3CVSS5.4AI score0.02821EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder