Lucene search
K

55 matches found

Node.js
Node.js
added 2021/05/13 8:29 p.m.91 views

Regular Expression Denial of Service

Overview In websocket-extensions before version 0.1.4, there is a vulnerability which allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a;...

5CVSS3.6AI score0.03012EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.6 views

rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser

A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...

7.5CVSS7.3AI score0.04404EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2020/09/17 12:0 a.m.29 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : websocket-extensions vulnerability (USN-4502-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4502-1 advisory. It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex...

7.5CVSS7.4AI score0.04404EPSS
Exploits1References2
OSV
OSV
added 2020/09/16 1:7 p.m.4 views

USN-4502-1 ruby-websocket-extensions vulnerability

It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...

7.5CVSS7.3AI score0.04404EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2020/09/16 1:7 p.m.85 views

USN-4502-1: websocket-extensions vulnerability

It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...

7.5CVSS7.4AI score0.04404EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/08/20 12:0 a.m.19 views

Debian: Security Advisory (DLA-2334-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.04404EPSS
Exploits1References3
Debian
Debian
added 2020/08/19 12:1 p.m.62 views

[SECURITY] [DLA 2334-1] ruby-websocket-extensions security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2334-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 19, 2020 https://wiki.debian.org/LTS -...

7.5CVSS7.5AI score0.04404EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/07/07 7:35 p.m.4 views

npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.2AI score0.03012EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/07/01 6:46 p.m.5 views

npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.2AI score0.03012EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2020/07/01 12:0 a.m.74 views

RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2796 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

8.2CVSS7AI score0.99856EPSS
Exploits8References18
RedhatCVE
RedhatCVE
added 2020/06/10 2:25 p.m.35 views

CVE-2020-7663

A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...

5CVSS3.1AI score0.04404EPSS
Exploits1References4
OSV
OSV
added 2020/06/05 4:16 p.m.6 views

GHSA-G78M-2CHM-R7QV Regular Expression Denial of Service in websocket-extensions (NPM package)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

8.2CVSS7.1AI score0.03012EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2020/06/05 2:21 p.m.71 views

Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

7.5CVSS7.4AI score0.04404EPSS
Exploits1References9Affected Software1
Veracode
Veracode
added 2020/06/03 2:15 a.m.28 views

Regular Expression Denial Of Service (ReDoS)

websocket-extensions is vulnerable to regular expression denial of service ReDoS. A regex backtracking is introduced due to the way the parser processes the Sec-WebSocket-Extensions header, using up quadratic time in a single-threaded server when an unclosed string parameter with repeating two-by...

7.5CVSS3.9AI score0.03012EPSS
Exploits1References4Affected Software2
CNVD
CNVD
added 2020/06/03 12:0 a.m.5 views

websocket-extensions denial of service vulnerability

websocket-extensions is an open source WebSocket generic extension manager . A security vulnerability exists in websocket-extensions npm versions prior to 1.0.4. An attacker can exploit this vulnerability to cause a denial of service with the Sec-WebSocket-Extensions header...

7.5CVSS8AI score0.03012EPSS
Exploits1References1
NVD
NVD
added 2020/06/02 7:15 p.m.20 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.3AI score0.04404EPSS
Exploits1References6
NVD
NVD
added 2020/06/02 7:15 p.m.24 views

CVE-2020-7662

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS8.2AI score0.03012EPSS
Exploits1References4
OSV
OSV
added 2020/06/02 7:15 p.m.7 views

AZL-44202 CVE-2020-7662 affecting package js-jquery 3.5.0-4

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.1AI score0.03012EPSS
Exploits1References1
OSV
OSV
added 2020/06/02 7:15 p.m.8 views

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS7.4AI score
Exploits0References6
OSV
OSV
added 2020/06/02 7:15 p.m.27 views

CVE-2020-7662

websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

7.5CVSS6.9AI score
Exploits0References4
Rows per page
Query Builder