Lucene search
K

4 matches found

NVD
NVD
added 2023/09/29 6:15 a.m.23 views

CVE-2023-30591

Denial-of-service in NodeBB = v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...

7.5CVSS7.5AI score0.53804EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/09/29 5:6 a.m.26 views

CVE-2023-30591 NodeBB Pre-Authentication Denial-of-Service

Denial-of-service in NodeBB = v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...

7.5CVSS6.9AI score0.53804EPSS
Exploits0References4
CVE
CVE
added 2023/09/29 5:6 a.m.66 views

CVE-2023-30591

NodeBB pre-2.8.11 is affected by a Denial-of-Service flaw in how Socket.IO messages are processed. The issue arises when eventName is an array or object and the code calls eventName.startsWith() or eventName.toString() without sufficient validation, causing crashes. Affected software: NodeBB 2.8...

7.5CVSS7.5AI score0.53804EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/09/29 5:6 a.m.31 views

CVE-2023-30591 NodeBB Pre-Authentication Denial-of-Service

Denial-of-service in NodeBB = v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...

7.5CVSS7.7AI score0.53804EPSS
Exploits0References4
Rows per page
Query Builder