2 matches found
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2023-26103
CVE-2023-26103 affects Deno before 1.31.0, where upgradeWebSocket uses regexes /s*,s*/ to split Connection/Upgrade headers, enabling a Regular Expression Denial of Service that can significantly slow a WebSocket server. Multiple connected sources confirm the issue and state a patch in Deno 1.31.0...