4 matches found
CVE-2023-30591
Denial-of-service in NodeBB = v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...
CVE-2023-30591 NodeBB Pre-Authentication Denial-of-Service
Denial-of-service in NodeBB = v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...
CVE-2023-30591
NodeBB pre-2.8.11 is affected by a Denial-of-Service flaw in how Socket.IO messages are processed. The issue arises when eventName is an array or object and the code calls eventName.startsWith() or eventName.toString() without sufficient validation, causing crashes. Affected software: NodeBB 2.8...
CVE-2023-30591 NodeBB Pre-Authentication Denial-of-Service
Denial-of-service in NodeBB = v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking eventName.startsWith or eventName.toString, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively...