5 matches found
CVE-2026-44217
sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...
CVE-2026-44217
The CVE-2026-44217 entry affects the sse-channel SSE implementation used in Node.js streams. Prior to version 4.0.1, passing user-provided values to the event, retry, or id fields allows event spoofing, enabling injection of arbitrary SSE messages into the stream and potentially impacting consume...
sse-channel 注入漏洞
SSE-Channel is a server-push event channel tool developed by Espen Hovlandsdal, based on Node.js. Versions of SSE-Channel prior to 4.0.1 had an injection vulnerability. This vulnerability stemmed from implementations that allowed users to provide values passed into fields such as event, retry, or...
NPM: sse-channel: SSE Injection via unsanitized event fields
NPM: sse-channel: SSE Injection via unsanitized event fields vulnerability discovered by ? in WordPress Npm sse-channel versions = 4.0.0...
CRLF Injection
Overview sse-channel is a Server-Sent Events "channel" where all messages are broadcasted to all connected clients, history is maintained automatically and server attempts to keep clients alive by sending "keep-alive" packets automatically. Affected versions of this package are vulnerable to CRLF...