Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 4:50 a.m.9 views

CVE-2023-37899

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...

7.5CVSS6.8AI score0.00963EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/07/20 2:54 p.m.2 views

@agor-live/client (>=0.16.0 <=0.21.1), @b3dotfun/b3-api (>=0.0.2 <=0.0.102) +127 more potentially affected by CVE-2023-37899 via @feathersjs/transport-commons (>=5.0.11 <=5.0.5)

@feathersjs/transport-commons NPM version =5.0.11, =0.16.0, =0.0.2, =0.0.0, =0.0.1-react-native, =0.0.1-alpha.1, =1.0.0, =0.0.10, =5.0.0-pre.0, =0.1.0, =0.1.0, =0.3.1, =0.1.0, =0.4.0-pre.0, =0.4.0-pre.3 and more Source cves: CVE-2023-37899 Source advisory: OSV:GHSA-HHR9-RH25-HVF9...

7.5CVSS7AI score0.00963EPSS
Exploits1
nvd
nvd
added 2023/07/19 8:15 p.m.41 views

CVE-2023-37899

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...

7.5CVSS7.5AI score0.00963EPSS
Exploits1References5
cve
cve
added 2023/07/19 7:45 p.m.2527 views

CVE-2023-37899

CVE-2023-37899 concerns Feathersjs: the socket handler fails to catch invalid string conversion errors (e.g., a crafted toString object), causing Node.js to crash on unexpected Socket.io messages. A fix is available in Feathers versions 5.0.8 and 4.5.18; users should upgrade. There is no known wo...

7.5CVSS7.5AI score0.00963EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder