55 matches found
Regular Expression Denial of Service
Overview In websocket-extensions before version 0.1.4, there is a vulnerability which allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a;...
rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : websocket-extensions vulnerability (USN-4502-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4502-1 advisory. It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex...
USN-4502-1 ruby-websocket-extensions vulnerability
It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...
USN-4502-1: websocket-extensions vulnerability
It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...
Debian: Security Advisory (DLA-2334-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2334-1] ruby-websocket-extensions security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2334-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 19, 2020 https://wiki.debian.org/LTS -...
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
RHEL 8 : Red Hat OpenShift Service Mesh servicemesh-grafana (RHSA-2020:2796)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2796 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
CVE-2020-7663
A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...
GHSA-G78M-2CHM-R7QV Regular Expression Denial of Service in websocket-extensions (NPM package)
Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...
Regular Expression Denial of Service in websocket-extensions (RubyGem)
Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...
Regular Expression Denial Of Service (ReDoS)
websocket-extensions is vulnerable to regular expression denial of service ReDoS. A regex backtracking is introduced due to the way the parser processes the Sec-WebSocket-Extensions header, using up quadratic time in a single-threaded server when an unclosed string parameter with repeating two-by...
websocket-extensions denial of service vulnerability
websocket-extensions is an open source WebSocket generic extension manager . A security vulnerability exists in websocket-extensions npm versions prior to 1.0.4. An attacker can exploit this vulnerability to cause a denial of service with the Sec-WebSocket-Extensions header...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7662
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
AZL-44202 CVE-2020-7662 affecting package js-jquery 3.5.0-4
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
CVE-2020-7662
websocket-extensions npm module prior to 0.1.4 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...