Lucene search
K

5 matches found

NVD
NVD
added 2026/05/12 8:16 p.m.10 views

CVE-2026-44217

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

8.7CVSS0.0041EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 7:51 p.m.24 views

CVE-2026-44217

The CVE-2026-44217 entry affects the sse-channel SSE implementation used in Node.js streams. Prior to version 4.0.1, passing user-provided values to the event, retry, or id fields allows event spoofing, enabling injection of arbitrary SSE messages into the stream and potentially impacting consume...

8.7CVSS5.9AI score0.0041EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

sse-channel 注入漏洞

SSE-Channel is a server-push event channel tool developed by Espen Hovlandsdal, based on Node.js. Versions of SSE-Channel prior to 4.0.1 had an injection vulnerability. This vulnerability stemmed from implementations that allowed users to provide values passed into fields such as event, retry, or...

8.7CVSS5.9AI score0.0041EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/05 10:17 p.m.8 views

NPM: sse-channel: SSE Injection via unsanitized event fields

NPM: sse-channel: SSE Injection via unsanitized event fields vulnerability discovered by ? in WordPress Npm sse-channel versions = 4.0.0...

8.7CVSS5.8AI score0.0041EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/05 10:17 p.m.11 views

CRLF Injection

Overview sse-channel is a Server-Sent Events "channel" where all messages are broadcasted to all connected clients, history is maintained automatically and server attempts to keep clients alive by sending "keep-alive" packets automatically. Affected versions of this package are vulnerable to CRLF...

8.7CVSS5.9AI score0.0041EPSS
Exploits0References2
Rows per page
Query Builder