4 matches found
CVE-2023-37899
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...
@agor-live/client (>=0.16.0 <=0.21.1), @b3dotfun/b3-api (>=0.0.2 <=0.0.102) +127 more potentially affected by CVE-2023-37899 via @feathersjs/transport-commons (>=5.0.11 <=5.0.5)
@feathersjs/transport-commons NPM version =5.0.11, =0.16.0, =0.0.2, =0.0.0, =0.0.1-react-native, =0.0.1-alpha.1, =1.0.0, =0.0.10, =5.0.0-pre.0, =0.1.0, =0.1.0, =0.3.1, =0.1.0, =0.4.0-pre.0, =0.4.0-pre.3 and more Source cves: CVE-2023-37899 Source advisory: OSV:GHSA-HHR9-RH25-HVF9...
CVE-2023-37899
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like const message = $ toString: '' which would cause the NodeJS process to crash when sending an unexpected Socket.io...
CVE-2023-37899
CVE-2023-37899 concerns Feathersjs: the socket handler fails to catch invalid string conversion errors (e.g., a crafted toString object), causing Node.js to crash on unexpected Socket.io messages. A fix is available in Feathers versions 5.0.8 and 4.5.18; users should upgrade. There is no known wo...