
4 matches found

OSV
added 2025/11/07 4:15 p.m. | 0 views

CVE-2025-63783

A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

CVSS 7.6 | AI score 5.8 | EPSS 0.00095
Exploits: 1 | References: 2
OSV
added 2025/04/24 4:3 p.m. | 6 views

GHSA-PJ3V-9CM8-GVJ8 tRPC 11 WebSocket DoS Vulnerability

Summary: An unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to crash a tRPC 11 WebSocket server. Details: Any tRPC 11 server with WebSocket enabled with a createContext method set is vulnerable. Here is a...

CVSS 8.7 | AI score 6.8 | EPSS 0.0071
Exploits: 0 | References: 6
NVD
added 2025/04/24 2:15 p.m. | 13 views

CVE-2025-43855

tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...

CVSS 8.7 | EPSS 0.0071
Exploits: 0 | References: 2
CVE
added 2025/04/24 1:58 p.m. | 60 views

CVE-2025-43855

CVE-2025-43855 affects tRPC 11 WebSocket servers (versions 11.0.0–11.1.0) where validating malformed connectionParams can throw an unhandled error, crashing the server. Any unauthenticated user can trigger this on WebSocket-enabled servers with a createContext method. The issue has been patched i...

CVSS 8.7 | AI score 7.1 | EPSS 0.0071
Exploits: 0 | References: 2