Exploit for Improper Handling of Exceptional Conditions in Sockjs_Project Sockjs

CVE-2020-7693 Poc Note: I Confirm Payload for CVE-2020-76...

EUVD-2021-0832

Malware in sbrugna...

0726react (=0.1.1), 0x0.icu.anima (=0.1.0) +12745 more potentially affected by CVE-2020-7693 via sockjs (>=0.0.4 <=0.3.19)

sockjs NPM version =0.0.4, =1.0.4, =0.1.0, =0.0.1, =0.1.0, =1.4.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-7693 Source advisory: OSV:GHSA-C9G6-9335-X697...

diversion (>=0.2.0 <=0.4.6), push-it (>=0.1.0 <=0.1.4) +1 more potentially affected by CVE-2020-8823 via sockjs (>=0.0.4 <=0.2.1)

sockjs NPM version =0.0.4, =0.2.0, =0.1.0, =0.0.0pre3, =0.0.0pre31 Source cves: CVE-2020-8823 Source advisory: OSV:GHSA-HH8V-JMH3-9437...

Denial of Service (DoS)

Overview sockjs is a JavaScript library for browsers that provides a WebSocket-like object. Affected versions of this package are vulnerable to Denial of Service DoS. Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. PoC by Andrew...